Google JSON issue

I’m not a big fan of Google’s engineers in general, but this one is an excellent example of Google just being stupid:

http://www.ddj.com/dept/webservices/196800994

Apparently, the Google engineering genius decided that it wasn’t important to ensure the request coming in VIA an AJAX request had the correct user session cookie and that the users session was still valid on the server. No…. Instead they just decided that this and probably hundreds of other AJAX requests didn’t need any security and just worked no matter who the requesting client was. This is web programming 101 folks. Since the browser (user-agent) must provide the same cookies for an AJAX request as it does a normal request, there is NO reason a web application shouldn’t secure AJAX requests as it does normal requests using the in-memory session cookie.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s