LeeseIT Blogs » AJAX http://www.leeseit.com/blogs A Blog where Intelligence and Technology meet Wed, 02 Jun 2010 14:44:40 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Found this on AListApart.com http://www.leeseit.com/blogs/2007/08/20/found-this-on-alistapartcom/ http://www.leeseit.com/blogs/2007/08/20/found-this-on-alistapartcom/#comments Tue, 21 Aug 2007 00:55:46 +0000 Leroy Leese http://blogs.leeseit.com/wordpress/?p=25 It was amazingly valuable for debugging JS.

Safari also has a javascript debugger. You need to enable the Debug menu in safari, which can be done by typing the following into terminal (make sure safari is closed):

% defaults write com.apple.Safari IncludeDebugMenu 1

Then relaunch safari, and from the debug menu you can open a js console.

Amazing.

]]> http://www.leeseit.com/blogs/2007/08/20/found-this-on-alistapartcom/feed/ 1 Scratch Free! Easy Rinse Formula! http://www.leeseit.com/blogs/2006/09/12/scratch-free-easy-rinse-formula/ http://www.leeseit.com/blogs/2006/09/12/scratch-free-easy-rinse-formula/#comments Tue, 12 Sep 2006 16:29:04 +0000 Leroy Leese http://blogs.leeseit.com/wordpress/?p=7 No, not that Ajax®. You know, “AJAX” Asynchronous Javascript And Xml

Is it really as scratch free as they claim?

Its a hot topic – security and how it relates to AJAX. Should we be worried? I mean, its a relative young technology – and most young technologies have security problems. Is it disconcerting that Microsoft is using it all over their new apps/os’s? Should we fret because Google uses it across their website? We’ve never had a problem with Microsoft and security before, right? *sarcasm* Lets break it down.

Historically, when you loaded a webpage, you had one connection and only had to worry about validating server side input once. Now, when you load a page in the browser, you need to validate input, and then anytime AJAX connects to your server, you need to revalidate that input and then handle the results correctly. You have now multiplied the potential leaks, by 2. Now, what if the response you are returning is Javascript code (I return XML most of the time, but its possible to return JS), now are you going to blindly run the JS you returned? Why wouldn’t you, I mean it came from your script. But if someone found a leak to get garbage into your AJAX, how do you know what is returned is not garbage? So now we have opened up potential security leaks by an order of 3.

Have you seen those new Mac commercials? I own a few Macs, and love ‘em. But c’mon guys – you are challenging the community to find flaws and hacks with the Mac OS. Why do this? They are not invincible. And with AJAX running on every platform that has a JS enabled Browser, what are we in for? Remember Robert Morris – 1988?

Sources:
http://www.it-observer.com/articles/1062/ajax_security/
http://en.wikipedia.org/wiki/Morris_Worm
http://www.securityfocus.com/infocus/1868
http://www.usatoday.com/money/industries/technology/2006-08-04-ajax-attack-usat_x.htm

]]> http://www.leeseit.com/blogs/2006/09/12/scratch-free-easy-rinse-formula/feed/ 0