Web Services, Web 2.0 & SOA - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Web Services, Web 2.0 & SOA


AJAX Poses Security, Performance Risks



 By: Darryl K. Taft
2006-01-30
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Web Services, Web 2.0 & SOA story.


Rate This Article:
Poor Best
Forum Systems issues an alert, claiming Asynchronous JavaScript and XML leaves applications exposed to Web services vulnerabilities.

Web services and service-oriented architecture security software provider Forum Systems issued an alert on Jan. 30 for AJAX-related security threats and performance issues.

Asynchronous JavaScript and XML, or AJAX, enables responsive and interactive Web services; however, the reliance on XML as the content type for requests and response payloads means that applications are exposed to Web services vulnerabilities, Forum officials said. Thus, officials at the Sandy Utah, company recommend that organizations implement XML content filtering, Web services security and XML acceleration capabilities to ensure scalable and secure AJAX applications.

Peter Coffee says AJAX is no overnight success. Click here to read why.

Resource Library:
Forum Systems officials said AJAX dramatically increases the amount of XML network traffic being transmitted, exposing applications to Web services vulnerabilities; AJAX extends Web services from business-to-business to business-to-consumer and transforms a users Web browser into a Web services portal, thus exposing it to potentially corrupted data that can cause the browser to crash or perform poorly; malformed messages can disrupt server performance due to excessive parsing and exception handling; and XML messages can consume more than double the bandwidth of traditional binary data formats, leading to systemwide performance degradation.

Forum Systems recommends that organizations implement XML content filtering, Web services security and XML acceleration capabilities to ensure scalable and secure AJAX applications.

Wallid Negm, vice president of marketing at Forum Systems, said Forums XWall XML Web Services Firewall features XML filtering and Web services security and serves as an AJAX scalability solution.

"By acknowledging the exposure of AJAX applications, developers and administrators will be well-prepared to handle even accidental events that may disrupt business," said Jason Bloomberg, an analyst with ZapThink LLC, in a statement.

The XWall Web Services Firewall features data validation, XML intrusion prevention, content filtering, WS-Security processing and content acceleration.

Pricing for Forum XWall starts at $2,500 for software and $30,000 for hardware configuration.

Check out eWEEK.coms for the latest news, reviews and analysis in Web services.



  Reader Comments: AJAX Poses Security, Performance Risks
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Web Services, Web 2.0 & SOA Articles          >>> More By Darryl K. Taft
 


x}r*({EW#dKeXq&[*$CRyW 7]hɗdw<5D th4{$ Gtܢd>5g}rԺx'7;AڼW@o&1`JLTRBxd" PcjCG',{/BrM7JQ߸+aASc T$0L" J3~̢!2Iuoeu}uHuz~rn!|c9̠V*PFfЊ%+54^uܜ5o9nڗMuI}!+|v!pgs Z_Zrn`Kk'^3Q&چa#UCIC{|"޺xr>%9Io 7/0o-Yn]H.)MT|Y|ěQ0ʱn>@|sDp6FdƩ$|ǺzNԎRl!o4f!`FܼNR49Vˡ蟩$Wm4@r-XSl؅ RMo4x M XRU>hI"E[fT}O%ތENQ'}Ymvi(|I}ѦޣR?7ݘiI70i\+Gݺ~LnXŞ+Fԇ9[i`I l"#0Ie&3 yG νdrgo͠~(wMnP>X^0 jp.HpyY?9>o  馥M L<ģA }p (~9-RC/1tSt=JIAF"D% T h4A'EENNA7w$]I+TbD8JnOu$]8gJ"ڹLX*QY,p[/ ͙JRd0u Q򍜈="`&Qea*0pRx5Qn-`oʱ& 4LX,CtH{27i &4u0OiH\U}ɲIg0sO<syGn;A뎒:\f335{00q}c] kwtӴ٤͙iÂqjS9_Aa"FL˄r=6`]2(O08-cys3t7Nm~|FpIN3_hy>grGֶLo J% jJ=SsA|5i!3L&Ze onД /kb*q (ӧLEۋ)I :3X-8G4W- eSZqlzQn^ӛAt ]֥PK@xC dl+/,;7kc:J+_iihH*6@\X3,# %.?W0Z?LpSw{{jaaC+UVOLYZsX)Z%R{5>k断,0!.(2n( 迏$XsPQ[ ҆|xku:.PCϱȧ鹞~o6*||0ː ;uM CO5,v&Vfj:Y[|'+ȁUrqXk0익Vׅ]!/_8g׭i+CoLsCm0 Ǧ"}Zl"{Ow])W=B~*%1IO5 &^PGe d^s`M[`R9cDzl lF CQ>-D:=G.4MD83[/OAE-4$qx3??uPV&<[?\v>ڣVN0\}OДa˘34|q6L,*I՗bAQ OkMf٧gL副3ۉi0Aq_8R"X @ 4~Ї>B SK@'Z``ELs ǖYCǖbTیЂ[|T=OҶ@%УCizi}~هF9#*!'HHo?YDjPVVR帨V*߬7cSO@H.5ǁ3S翼;ug? gvoܦ;pCs㑏.S˰)c.# ,c`7 $̮$fG`Ó R*%)P׃,`(*h3sߛyx dEM]CNy!+pD\Po}o )pe&zo}ɺIPɑ1[D`{ nUESU[K[3]W< OQ: A\=!< `QtEa&NiI[ P{IMzO1"_pkd豸2] QB|lص`L )̨5UV *~e{oJ.4F(dyD4@/=q8bk lBs}tq@l#RaCݜ5m"uy@VIJXhQ6;_6MONWШ6>s7}&-nov=Ot[GyrN?dZKp|]avKreH˷"gf ItL5y@<sUJ _FL4Ω,6 خiϼV&9e>c'}Tco*\$t+n] m{D9Tb1JiRx` fΌzlinz*%\.Yid {2u9p\e}̭4N7/UU^S;:9&P@ZhO \898$Dv$MU"[ qe l&SbR/փ `Ac#g0k(G݉(~ (zC9kmz~>RTS(.>JMP*jIIz, :,h7xџVPVW`Zd&s\%\{si0o)Q󩋗afD]R/)3nQ/ ~egmS?PG e[,r/鉚ƺRaf~`Gq+ZP`ӪV$,: 7Cd',-BGI}/\%I'sSfn tDo0|7=0FHΝrQӊ5JR'0阣kS@Z: GYdQ.|aR)V8N3Az vBs=Q<CGp {$,^tQcrѾlI^+΃ w"EKrBë<uxi)qڎ7M ,#L=\?ֈdȰ6 Z_ť{l]sfiZ ^k5W'27e8ވFhv[_aݪ,d2|CL($T0r,`$X)XCu:]]4>GG:KEP^S(+RJ)"4FL |Ϛu3_f| Rt<~UrڿPעo1Mr!}J_cNfo4~ɮP6=8,rh%縍vRt/0?xԾhz?&i^3/pǻ"TS8Lш&r֚SE[@-{t#1aTwޣd e~=m0결uC$<1ON)tJȓÓ!E=)*چIդ28I5F4A2 uIH? Md4XPWl Pق'59ܻ8^]߹m|d`M`l)Za!|)Nr >m\`e>%';yRb}b%%h8W&Brc'?<@s`S¼*G<=t#aEbݙmsmD;1u;2x;zZ1?ݞpne9?jw`{t4dwD/'yV7^^S{20t[tؗ{vOKn<]1n萧lLgI"ɫ׺w7}\8%'+w|621@7Yud3D?ye16>gnR3-|c@{~mI.e~W(TR/bOk$J麇\%(S]MT--^\RK>^_+Uk@< b]_ I{Oz[6N Ģ7ef7cŸ@!{ze'MNil&s$;gr#@*yx\[w5%pRx65y(1h4Rwo7lv4W -~@k-Ǭ§!qZop$|+؊wO_Oo+N֊ v™)[ꈧ Wךneb֚KKLBI|pI7̼V&&o ZГqi+B<ыO-1j-}Of|k[a32O2͙,]&?5 p~ru_,8kӿŨ)\ eK}r]Zٯ?e#^rKxST&rR\Kɵ!#Brg[uꈬc"'gUNfeYRiқJ,3 Gx6<>ːbB0nQ/yמ 2hE^+%W+GEhYl~D ~p#]Z,JHl, "$ ;0m77o9_ YK#”h9G{e7*2$șϤ/YW/Ry[)Fٹao&o|7r!ޱhJ|yCCH ߀ %E䡷 ^7`EMOGONR ZTCP;`ao:?Ψ^*x9؇ol}Z3Zܖa 0@tDkDz|;$` 0^!u  ,`yxF)t }|+QrGw|aWN+JZi[N+aC%)H3ѬKԽ WΌ bh'k`b=tWP%utV0f %"ӕ3I9Q>-I ;uHr`bܗK]Kq"> NYK\p<vʼnbT}WFJJa[F+D9dW(⾿qғNtL*#p978G)0L^OOOObI)=O뫗wbR8nƼhH4}']SO-0@B'+Yos!L& aębnoa0-:P˘/ICߒմ bl,h0;ܝӥ<{#N$E³x_a)ŀ3;~DLpc-hHRԪ?–gK3˙ ۤA_@Q{;:w]]_C]9L9L9L9LvR !"|ve2,omݒEuXjbs Uɞe(GK8,T ױyC_h|='_K9L3zXJkFQ[M$v a{k_c6D6xђ9zf$nr\XHΘyIdI:yhO_"rDՈs1u^fr5sM"w\IUӶ=MGϦKs Lv_ҽ@ҲG DI@"^YE?S_$I؍_y}#1;KS߅cOgofk?|cOdeۈS}cїb}^8-3UDe"Ʀ!NnBjp5',BOm ﬕ:s?8h<;]̩o7%|5ƍFjQV w'N3uI@}uI{13\#w%5l +lyӫ_ȅM<`NwW?r+j/e q8\톁yEjLX1A(C-`d;1LHj~ж}A˽=V4i# mY[`8Oċ4V{Ow]@VE6b̹+fZgy9&9tS@- @ɼ#l$5:!TJD:`ӗ)3VD2PJ4/h` >L%' z;>&53hΝc(PTv>k~R~i//m~jGB[_UbkXrw2О$/RM#}M[\ bVd=-Tw߁^<@!yO51䛟?E;:^GIKnb+.:]@,vȉa]')ȁ.cb1ʱ, <ߋ.,"*1v%1h}PR #S=%1{=c8pkjj5J5AV^ #l8ckjrD,?t$"R./> Bl?QXQDG6 KfRlVPm.MEfAȢiWV\1^ UCub?=G/utIkb"]J1xy[ߣ]!1cUTA9-Q5]9RU BIe}Ũt@ mNLyM13цX50yfvX5Įzs3 ^i<1E7Zz9Z<hfUj"mn0tv+=ԘDh 7pKycYqYQNdn&~iXay>H':t=jh DӤJ fvjRcrzw(h;}yjUS*ZYQ#<&\ks;w0/9 Փ>-,b'c0/Ƙۏ`^*iB¼{ւ4F':a=X2o LtxZډBLk?L~G ' pr|w\ۭ9q,)iAH+- +^Rc"W6mMz6aiҙ H۠[*н"%&hPjߙc۫u) +Kf0]+ 6Ƕl[vi|Duv7H)tAu[M@ئÏR\j:N#V¯mR9ʇ1f=x/Ntt aZ*F6#ZIixw<;:W1h=`C c  Ą[)bUfwܠ~z*ڟO`5ҽ~#nZU{FGȚXt J nZ, Eh7 7ڤ`(8N1C}d+VzK"?{|E &̋XH t<.$:v="wz̥7f?= n'N8mǃ"Ba=X :>IoH L]U# `x;J(zh_M﷮{aC_8s&2U`g&.a0Lqߩ1>sH ]TW\Afx3Bx7t'le1u<0{χ\o!#}CcPy-r9GL&ϷFu* cDR/3O0枩ոSTdL4B&(qTik$df9,yǥ}-AG,G71=` ?vb.uwԐ0(VIB uXRFB(6s 6 Hglu;5 _F`p3W VjE)OBӁRs]j)qN^]xʠYV^*_ӄ^I+\A] / PIZ WuGISk۷f`h\]]|&gk g׭}<^%9i]tolo;u|ڽ|־l]]/LG_ }m |Q);OFYi1;eNq(gE B*rK xU" /%Lqx&0on/D~D(/& F^&69BFyljŵv#g5^LW%(CE@Цo􁗣Jc>rNMo )nu:e+WMjV}QqxQ?d f_Cpj# ݌r&Р(?g@ Pqsy;W?oo.o7sv3gڗvF?rPysȀ]1>w};}: ; v2e2OP)3(@y'2c|/A~.32cnF _?2 ޿x:z//P_3*>e )~7P~U{7MF77$)cF5pvJEsQ^O2T}~)PgP g ~-2*B @^~ kL+ťW*7YKxM}%kkF1nvd}WG{1:,y&J s hxVydb bye?VPw;]CҤ]z.{%])W[O'ikr(%s<2g)h{U3-FDùQUނb>xPxZLԸrGpoQV" #<5 b37}e\ 7㌠6{x50AZחU}=Z}EPS,M$LBpDc&Za g8 a箩%7=ѯF.h DLG21vFr|(VT+[-WJr=]  A(.#&T$`rXrF(RB4|;یW)57' yV8an%[#Dk(xx=* ۼx7,{Ty؛ގe@7J,W{3ЫD@.^{s'm^q6 _dXMD 2yhk䣿 t81th;Ì1x466;Da9P3l1@Й zn2%23U{:/\xT "esCv!-7Lj1bPS*WEɑpH-} I_\=u{̪DD}GQ!je> /ipxxc "n+!(p0>@Z9ϱ znҸ|c44݆gLe~7]6bZǩb֠}ֽD#Z#7XXNƀ_/1Xm$ ݈qef~8Wǯpev*}O }Cpzusڱ Eaqg:?"d`{.fB~:TCȘ 2 XQ>ಓ_`'ce-;"4ng iq]cG 6{Nz ̄0QxN|?K+_yl xdDأ_BDOv֤->#%0qn|wy$>},.q sEeבe,&J =B8̈́tAȉwlPF/@HaC4uWeԢԱ"䴯˞w﫾1a`a?=N@U]pOawB=X[t^wkdU9Hr&zu h$.7=k"6: gKCJ'zw[om\%&hv[E`'/];g\|<_D=緆e]iO2vy9=|En[~Qڗ@1a璧۶f*iůK^!t#R.܋OFې)0XPy4w0n9iws[T:9A&{xmˎ똣 G'NFptc-["@# e`0l4`e8ΧYp穎m,U|J6A1^7Ku A]=_v{[=/'_cY1}p1LX+0W_mkASsL5ʳ(`,$v"VKjMΡmjqR!efƲ 7cP.Xd-%oB@:S .xBG,?ɋ|P byx ^ŧ$NS?X|ړT+O ƕ)@Xqɩ8To?_V˛ByֽKgN$7mv<hy6xL MTUA$摝7yE1u=U.ɡRvᷮ g۲Mi4TU>\JRSk$5XVfLN˚Z܄;"6BKFslx6  گ)