Ok, so I’m developing a web app that has begun to be more ajaxified. I then read a blog that talked about javascript hijacking, and I’m a little confused about when it’s actually a problem. I want some clarification
Question 1:
Is this the problem/vulnerability?
If my site returns json data with a ‘GET’ request that has sensitive
information then that information can get into the wrong hands.
I use ASP.NET MVC and the method that returns JSON requires you to explicitly allow json get requests. I’m guessing that they are trying to save the uninitiated from this security vulnerability.
Question 2:
Does the hijacking occur by sniffing/reading the response as it’s being sent through the internet? Does SSL mitigate that attack?
Question 3:
This led me to ask this question to myself. If I’m storing page state in local javascript object(s) of the page, can someone hijack that data(other than the logged in user)?
Question 4:
Can I safely mitigate against THIS vulnerability by only returning JSON with a ‘POST’ request?
The post you linked to is talking about CSRF & XSS (see my comment on the question), so in that context:
No.
No.
It depends. It depends on whether you’re storing the data in cookies and haven’t set the right domain, or path. It depends on whether there’s a security vulnerability on the client browser that would allow a script to gain access to data that typically is restricted. There are numerous other vectors of attack, and new ones are discovered all the time. The long and the short of it is: don’t trust the browser with any confidential or secure data.
No (it’s not a single vulnerability, it’s a set of classes of vulnerabilities).