views:

61

answers:

2

Is there any security issue if let say in one application we do a hidden post to another application to make use of that application functionality?

+1  A: 

Depends. Are you using some sort of authentication and encryption?

There are ways this could cause many security issues. Though you could say that of many implementations. Most anything configured badly can be a security issue.

wonderchook
+1  A: 

It would be much better to wrap the other app's functionality in a web service. This will give you a small layer of isolation from any changes in the called app's interface (ex. additional elements within the form body).

That said, as stated in another answer, authentication and encryption are important. However, it won't really be more or less secure than just using the other app directly through its UI.

Edit: There is at least one situation which can lead to the new scenario being less secure than the old one. If the called app uses purely client-side validation of the input data (bad idea), you will have to duplicate that validation when doing the cross post.