Hi Friends

I am using an Ajax DLL in my application for smooth working, but I have some doubt in my mind: is there any security problem on the server when we are using an Ajax DLL in my application? I mean, can anyone misuse the application because we are using public methods in the Ajax DLL?

Can anyone advise me? Thanks in advance.

Lokendra

A: 

It depends. Like everything, adding a new feature, be it Ajax or a normal ASP.NET page, increases your attack surface by adding another route to your application code. One of the common mistakes with Ajax is to chain calls, having multiple Ajax methods which build up to perform an operation - by having multiple calls you have multiple attack routes, all of which need to be validated and locked down.

Ajax by itself is only a little more insecure than web services, in that an attacker can see where your Ajax services are, because the address is embedded within the JavaScript for all to see. As with anything, you should be checking your inputs, validating them and sanitising your output. With ASP.NET web services (and with WCF services with [AspCompatibilityModeRequirements] set) the browser will send any authentication cookie to them, so you can check if the current user is authenticated, and you can also perform authorization. Of course, the need to do this is down to what your application does.

UpdatePanels are, from a security standpoint, safer, because you don't see any exposed functionality; the request is sent back to the page itself. However, they have massive scalability problems. They're also easier to use, reducing the potential for mistakes.

blowdart
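The checks described in the answer above, sketched as an added example that is not part of the original answer: an ASP.NET (ASMX) script service whose single method authenticates, authorizes, validates input and encodes output on every call instead of relying on an earlier Ajax call. The service name, method, role name, length limit and in-memory store are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Principal;
using System.Web;
using System.Web.Script.Services;
using System.Web.Services;

// Hypothetical service: every name and limit here is an assumption.
[WebService(Namespace = "http://example.invalid/")]
[ScriptService] // callable from browser JavaScript, so its URL is visible to any visitor
public class OrderNoteService : WebService
{
    private const int MaxNoteLength = 200;

    // Stand-in for a database table, kept in memory so the example is self-contained.
    private static readonly List<string> Notes = new List<string>();

    // One complete operation per call: no state is trusted from a previous Ajax call.
    [WebMethod]
    public string AddOrderNote(int orderId, string note)
    {
        // Authentication: the browser sends the authentication cookie with the request.
        IPrincipal user = HttpContext.Current.User;
        if (user == null || !user.Identity.IsAuthenticated)
            throw new SecurityException("Authentication required.");

        // Authorization: a logged-in user is not automatically allowed to do this.
        if (!user.IsInRole("OrderEditors")) // assumed role name
            throw new SecurityException("Not authorized.");

        // Input validation: reject anything outside the expected shape.
        if (orderId <= 0)
            throw new ArgumentOutOfRangeException("orderId");
        string trimmed = (note ?? string.Empty).Trim();
        if (trimmed.Length == 0 || trimmed.Length > MaxNoteLength)
            throw new ArgumentException("Note must be 1 to 200 characters.", "note");

        lock (Notes)
        {
            Notes.Add(orderId + "|" + user.Identity.Name + "|" + trimmed);
        }

        // Output sanitising: encode before the client script inserts the text into HTML.
        return HttpUtility.HtmlEncode(trimmed);
    }
}
```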
A: 

Hi,

In spite of the fact that Matthew's comment is correct, the fact that the Ajax DLL is common and you're using public methods is not subject to security issues.

In general - the security issues here are with WHAT you're doing and not what classes you're using.

yn2
