What are AJAX security risks for Domino

What are the potential vulnerabilities of using XMLHttpRequest in a Domino environment?

If the Domino application server is behind a firewall, can someone still exploit the code that we developed (which performs “dblookups”) to launch a DoS attack or “steal” data? So far we are just doing basic AJAX using the examples provided by O’Reilly, Richard Schwartz, and Jake Howlett. The code is used to select a name from a list and populate other fields on a form with data related to that name.

Several articles indicate that there are security and performance issues when using AJAX; however, I haven’t found any that specifically describe how to deal with these issues other than having a firewall.

Subject: What are AJAX security risks for Domino

Ajax does not pose any additional security risk in a Domino application. Take the same security precautions you would with any other Domino web application and you’re fine. One of the things that works in a Notes/Domino developer’s favor is that security is a mindset from the very beginning and it is tightly integrated into every facet of the environment.

Subject: RE: What are AJAX security risks for Domino

Thank you! This is our first web app and first attempt at AJAX so we wanted to make sure that we weren’t missing something.