OAuth for Ajax Applications

 

Security is always a top priority for any developer, and it becomes even more important when the application being developed is Ajax-based.


It is well established that an Ajax-based application can provide a user-friendly experience without sacrificing too many resources on the device.


Along with the user-friendly interface comes the trouble of securing data from attackers. Developing Ajax applications is very difficult in itself for two reasons: first, a developer has to learn not just one programming language but a slew of them; second, there is the challenge of securing the application.


There are many ways an Ajax application can be attacked, and one of them arises when a developer adds an API to the application that links to another site.


An API is a very user-friendly component of a website: not only can users enjoy the additional functions, but developers can also install the API without any effort at all.


But the ease of installation opens up another set of security concerns. Among those concerns is the user's security.


A very popular type of attack, not only against Ajax-based applications but against other online applications as well, occurs when developers mistake an API for being safe.


After the API is installed, the attacker requires users to enter their username and password so that it can link to an online service they constantly use, such as email or online photos.


This process might seem innocent at first, but it could single-handedly steal all your users' personal data. Your website will be implicated even though you did nothing and never tried to get hold of their information.


That is why it is highly recommended to add a small but very significant tool to your website. Dubbed OAuth, it aims to let users protect their data even when they use an outside source such as an API to access their personal information.


Relevance to OpenID


OAuth is easily identified with the more popular technology, OpenID. That security technology is being observed by some of the giants of the internet so that users do not have to trouble themselves with different usernames and passwords.


With just a single username and password, users can easily access different websites without having to log in every time. OAuth also helps users achieve this ease in dealing with different websites.


But OAuth is quite different from OpenID. Through OAuth, those who use an API can assure users that their data is highly secured.


Although a username and password will be used to access data, the API has only limited capacity and cannot snoop further into additional personal data.


As the developers of OAuth describe it, this feature for online APIs is like the valet key found in luxury cars. It lets the valet drive, but not very far, and with little to no additional access beyond driving the car. Hopefully, this type of security will be implemented in many Ajax-based applications to efficiently protect users' data.
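
The valet-key idea above, shown as the check a service provider could run on every request that carries a delegated token. This is an added example, not code from the original article or from any OAuth library; the token labels, scope strings, endpoints and function names are all assumptions made for illustration, and expiry and revocation go slightly beyond what the article describes.

```javascript
// Added illustration; every name here is hypothetical, not a real OAuth library API.
// Constructed grants, as a provider might store them after a user approves a widget.
// Real tokens are long random values issued by the provider; these are readable labels.
const grants = new Map([
  ['demo-token-photos', { user: 'alice', client: 'print-widget',
                          scopes: ['photos:read'], expiresAt: 2000 }],
  ['demo-token-stale', { user: 'alice', client: 'old-widget',
                         scopes: ['photos:read', 'mail:read'], expiresAt: 500 }],
]);

// Scope that each protected endpoint requires (constructed). A Map avoids
// accidental hits on inherited object properties such as "constructor".
const requiredScope = new Map([
  ['GET /photos', 'photos:read'],
  ['DELETE /photos', 'photos:write'],
  ['GET /mail', 'mail:read'],
]);

// Decide whether a request carrying `token` may reach `endpoint` at time `now`.
// Deny by default: unknown endpoint, unknown token, expiry and missing scope all fail.
function authorize(token, endpoint, now) {
  const needed = requiredScope.get(endpoint);
  if (needed === undefined) return { allowed: false, reason: 'unknown_endpoint' };
  const grant = grants.get(token);
  if (!grant) return { allowed: false, reason: 'invalid_token' };
  if (now >= grant.expiresAt) return { allowed: false, reason: 'expired_token' };
  if (!grant.scopes.includes(needed)) return { allowed: false, reason: 'insufficient_scope' };
  return { allowed: true, user: grant.user, client: grant.client };
}

// The user withdraws one widget's access; the password and other grants are untouched.
function revoke(token) {
  return grants.delete(token);
}

function demo(now) {
  return [
    authorize('demo-token-photos', 'GET /photos', now).allowed,    // the valet may drive
    authorize('demo-token-photos', 'GET /mail', now).reason,       // but not read mail
    authorize('demo-token-photos', 'DELETE /photos', now).reason,  // or delete photos
    authorize('demo-token-stale', 'GET /mail', now).reason,        // old grant has lapsed
    revoke('demo-token-photos'),                                   // user pulls the key
    authorize('demo-token-photos', 'GET /photos', now).reason,     // key no longer works
  ];
}

const result = demo(1000); // 1000 is a constructed clock value
console.log(result);
```
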


