Sunday, February 11, 2007

AJAX and Security

This is bad news. AJAX spawns more vulnerability to web applications by increasing and adding attack vectors. This is because of the extensive usage on client side scripting. Typical attack scenarios are imaginable:
- Method Discovery
- Parameter Tampering
- XSS (Cross-Site Scripting)
- XSRF (Cross-Site Request Forgery)

This is not just true for poor coding. Existing frameworks are prone to such security leaks too. And, such attacks don’t demand extensive geek-knowledge. A couple of reasons can be identified. The fact that JavaScript has no inherent security model might be the most important one. The asynchronous model increases the chance to guess and tamper parameters. Request that return JavaScript are especially vulnerable. In general, the increased complexity of client-side scripting makes it harder to avoid un-secure

Distributed Computing

I'm looking for people interested in distributed computing; especially with experience in MPI / OpenMP. I do see a lack of solutions / tools /frameworks to leverage the power of multi-kernel CPU's and multi-processor architecture. More is about to come ...