Web Services, Web 2.0 & SOA - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Web Services, Web 2.0 & SOA


AJAX Poses Security, Performance Risks



 By: Darryl K. Taft
2006-01-30
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Web Services, Web 2.0 & SOA story.


Rate This Article:
Poor Best
Forum Systems issues an alert, claiming Asynchronous JavaScript and XML leaves applications exposed to Web services vulnerabilities.

Web services and service-oriented architecture security software provider Forum Systems issued an alert on Jan. 30 for AJAX-related security threats and performance issues.

Asynchronous JavaScript and XML, or AJAX, enables responsive and interactive Web services; however, the reliance on XML as the content type for requests and response payloads means that applications are exposed to Web services vulnerabilities, Forum officials said. Thus, officials at the Sandy Utah, company recommend that organizations implement XML content filtering, Web services security and XML acceleration capabilities to ensure scalable and secure AJAX applications.

Peter Coffee says AJAX is no overnight success. Click here to read why.

Resource Library:
Forum Systems officials said AJAX dramatically increases the amount of XML network traffic being transmitted, exposing applications to Web services vulnerabilities; AJAX extends Web services from business-to-business to business-to-consumer and transforms a users Web browser into a Web services portal, thus exposing it to potentially corrupted data that can cause the browser to crash or perform poorly; malformed messages can disrupt server performance due to excessive parsing and exception handling; and XML messages can consume more than double the bandwidth of traditional binary data formats, leading to systemwide performance degradation.

Forum Systems recommends that organizations implement XML content filtering, Web services security and XML acceleration capabilities to ensure scalable and secure AJAX applications.

Wallid Negm, vice president of marketing at Forum Systems, said Forums XWall XML Web Services Firewall features XML filtering and Web services security and serves as an AJAX scalability solution.

"By acknowledging the exposure of AJAX applications, developers and administrators will be well-prepared to handle even accidental events that may disrupt business," said Jason Bloomberg, an analyst with ZapThink LLC, in a statement.

The XWall Web Services Firewall features data validation, XML intrusion prevention, content filtering, WS-Security processing and content acceleration.

Pricing for Forum XWall starts at $2,500 for software and $30,000 for hardware configuration.

Check out eWEEK.coms for the latest news, reviews and analysis in Web services.



  Reader Comments: AJAX Poses Security, Performance Risks
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Web Services, Web 2.0 & SOA Articles          >>> More By Darryl K. Taft
 


xv㶲 ;^+(}LQ[ʒ-ݖm|3K"!1Er/8Κg %i'mKX uCP޻$\8auE1>=zg{HRcoM#sJ9Az#:,t}w5k99r z=>;|9|@D%SjNA]m3g{z}_6gڄ2z9o0 fE63FIGs!&H}8K Q;iEacoN g&4ob Q6#R*^b&{Bq<%;^7;F~B {.Y^ZY~ 8 b'*#O^3l bŰH A=c9p<v5#wJ3q򿹓' j8NQp/F:r,#Ec9LNRY@Rk3ӂhYlɧ9]oԏ -y`2E9$7 \j?ypȳXхN؎MYnհ}--:ۉm=4..8bcm ͻS Ї@2xZ`:v8,2踞þɲf gML6o@֭cU)Zp\*x>oچs[=0Q9n^wf?͇_a9ʑGA GfnGkp[N^ԢzS^}j_\Gr  + m%& jDTV*bx$" P}jCG'I_:']>o VQWB-âZPbɥv'Y̮g fVҘ 'E)"t'lji_Wם~ ڧ'ם7bٚXC J@$TYHwNբu|qӹlnwMZOvI3a ɗV }k pO{uH0|`kh2`;;RV>H ?zWm2 ୫'Sdx*˭Ar>^Cf&J ͒eL_;D\KG)H7#ǚM#4ȌcPu t9CfCt-Mf "dh&ͻzp- @lo Kj(:H)5?&FȚb.L2o2zJ$%/^PeP샚_΢[2jFt*\($ɛ!"ˆG9x|!XsI((GNlO|yx>jY]6'dauIUis[dh.ϱ'vs"e~ *WFnZ` QMm{QVc1y+eY¡R8-|Qnl 2XbXvP7X[A^݇lA::~f1>QÜ#ͶOCGs>h2胆6ml-ƹh$ ,70}Hg@zQI$qpy4ڭ-%H_ >< zN==H6Zχ`j˦MfB9{ǻergm͠~(wEnHi>X^0{@`^@Z8`88ʼE ]qksB7}`4F&QcSB\jÐx?+1 %@X "D%  h4A'EENNlbo(?LHX)VpDm'8.3Tr XK){TKh+K@f:34YIJMu]_ ȉ#m"09X ,gZ Xk%Vj9m2*COđaC H\PeMT7mP9c= :׃9@M݄?9ahgsODOAЌ7_AY}x@}0~ M l$Tfh DfO ~-gnr wwT/=29 UQR })zn7C p>!_Nw\Գ&VAB glCC{ޡ[Y3T)w^;= PgaE8F2b5i%fQ/0}KԙQ48%'1`sW|](YWo%<4ވյ݋$/gsP.our@[Fޒy 0pƗZZ"b b7{\\1-# l,>F4~hN/a2*)w4v;tl=5&5|nV/E\8?>2aiz#[걪VjR)vn ʸSNݐ6 [IF|t|:.MKϱ("}r3[`t )نhpܩHhQ+mneͨPP - f Š%lDe@u\X:55{qa9XZTkʞtٔүxvp ;fcxF3fԱiQP7uig#2bZkkP +BQQb?&q?|2exL,Z`_9cDzl̠7It]t)e5y8p_3sDl4$T Paa03MCؚyeoXySc's;!䚻!`TjfquLTngbQIBmAmbPI}(Xk±&>,<<+i0ր 0 ~"}lA$6\,0|*U*Uˈ`n+V/(%7].K i?`E"%>ڧs!a*/73 \OgZV,֪1:P+Rj: _V2`>s@y >{Vv0eC>yLLZ<5}˰"U Ӆ ZXQ"+ȣ#Y V 2tXܚ 0(E{耰⢉!H{34kpý22U\zJU;OP,;w>k-}4Ӣ-h0 %5-"?X LkQ'sGŕRr#gݮcfu>:k}\W ZQa߯yUX^ :i3 9~tqߎXAm9k+sD ü |30Jјliwh^.Qm(}nL[toᔻ,P ½oivQB<RZ#h g&zGjy%8r zİ/h{~U-'e0"30ʃz5cyuLYkktݿx Wje==MrX wl>s7ѹdNsl E?9dN@u3 U s4 NP&5_p4hC>LSթ4D6sqIv=j 1='l9Ln7[rR)Y {259p\Semi̭4O7/E) Zxh U̐,<B|jb"MY1uA5`n>2V&Ob (ZKjp9ւ u^PS*zWқMO @#|t'fPH|X#:iۃ<$eU&CUT-Vr!!^ͳ!VQ]AӀ)x9Ll5Ll'`R(S&"D]Rx*3na/eg!P? i˴WՄθā0O?#[&IfYyVum4eX$5}` YV|2&ZQRj“s{@&(8-.]EQh2)nQ==յћn@h# ;wkʡf UR'9w>*%U-tWmj%wwGk3 *|@tɒ\' *BxX8YPX9H(P Yr>۷mpH3TmCXp| ^?KHHD>DQkF\{e"nxb* gF Dssbh^f{q`z o[/I6S0:;l}G]ItM58?"EC.Y۹| P8~x :# =&A"`}݇/5.iPЇ_e)X|xxْ:6?NeB*{fB,&8oIzqߵ'^y {{l:km}6#4.odhhIo0un}R|IwѻE-%{;OjdG, Y# B^ǧͦ5vpRdQȔst_z0L5)/wj_sbꅰjNj _k-W&'7hFh6[_aZXHE`|C(WktṽyBXHT dDӿh~Nke؋^s m! D78S E,$Ke=ғ2p%ڧ&' <&9xDw~mlR~C<B<Mp<&]=8,lrl%uZ;DzdNlp l_tEcrF4-K_"TS(LMàvD)fTDSeoW%zv`5gk3@ \:`Q S[ıp7߆؉ ?O.yr osל8JnLcBWTAv,3x\=K<, g61CZ=rŠ}M I+}Fz tyDo7ۨ{.|ʜ,=}![3'Zxyu?qBΛ;za's ]sOA}i^wl'HUzx P>?'$c:I"I^QԼګUdE)I}ۋNgS^q,<&nwoҁ{&-3(m#{zi-82{KN7K{ U<O72]awB%mJˢz9nhp;D%EȁqQ#y∶K`!j>b{+&bi4W3XT A#Vorl8w@rs&c#Pfp~n ֘@lll4RbhLp9٢pr[0\9f>m` \qlĨ`jox?ƖFGX#Nh<:KBgu?DI=Oz{pK(No1jJ#xBsIxĒ΀\A9VxYD>Sԧ3ӆeqD&A;-΄IOQJPߧX )tuYd{0v^dT̿zX~8",ҽ 9sLH?uC^r xS\W&r'ezωe\7c'xp_,Ch<ړ8a2/L'S-Dsjf 6 zc"bs2O 6 ^נ0HxIlH~ˉ;F(B&C2\O:K;_>l|&A|òK4(\]{7x7 I؛ y!XB&}Q4Ɔ  :oQ TPBm]m/E H- 㢡(֦# :'=-*xSOf{ga4чjmjN0Ji[)6mRJ׎eRoH@ f%Rl~D<1:lj:)._ؕJZޖJ/Ei1QxI|  T:Lf8ҥ#镄$:>tHZo*c9FVDHt^0> %BI>Gʧ4q2+T? t澄^E_@':jw%[A:a_z^9)2zJh5Pܖ*z.i`-„ڒ8c< j"Z=7!ZDz@w%IlUӧ&'U}HJK_9$jN!OFthV;ᡱ;RXGt,c+Nd!o>o>o>o>>aXzO6/ŌR?p<G`M$Mj>`z5ݣΊldsTtWf/h|xD/nG0FB$yOu Zv-jLeLΗDTGMyoIjkdm[7}zwgbw rQ|fgIiC$D @$ "!Y.ezUе@yOP/oIs/,ooyj^,)9y}0D+p\P2gX5- q[Qb_.WLtks<_%!^>6:,}tqK-LtQyU5dǣ]_~x֎hI~MA's2K!h-x_s673 [ 篇_) ^.!ߜߜߜߜߜsVV+_sV?"7%<ϮY5+pQMה`>ڂN[A19?F]aauΓ~! |D;O /wU2m̲EHb7E7hhF)c=q|+'D2xPy_k TM1% X*E98]"j9Gp뼾O7j9q%P<]k1^TǵMg ]i^ ٳ@"$  "/$E솂ίnC,҂p7Dx {kX[=fbϣ߼3Q"bAԁ=Q]?i!A@Gvmk~i[4%W\٩ aNm~+0)ث_Lol$7ZX%<}u<Y}z/OK_Kjۗf ns7 Lt &||'"?[^}w_m*N(oq5Snf6!o\ߚ1iCٝF?e<5sh~Ldb2]^Iɽ=/ `|F0-c l sM(W=~\&UQ׿f#{tѥkoJY 2VC|_~߉$&-gfc ~2oH@85kQ/NID(&w͓j8c[YƳ@X ,ջHz.;t z@`LsLM'|O /En/\VU}zA˼ fMZNܓ䭳a4b%6Y~gj w .P4y>cz aFg9ܨ`/(ou 4.NeãEA@, xqfq})6Ӣ=_@ǵ1/~f8#H{->1RWh?* O2dä 8PY=ˢ{NDNt%Q"]PVôL]%,&!-BZ]@’M=I#s1+ڊbMm@`°~PDj#@ O^a"RV./> l?QX2#A$?`m- =8ll/vxWHkcΩmjp\(.HQ,:-~e=^^@Fgw5WpkLxpP:qU3HuPb\UP*$hYjM-F5נ)؜67LyM13bcC~ll+=aJ;7^w6.W@O[jkhDP"ͪNDpdi*yP}ʳ"-* ;,OtNN:g8A[4lSKaZ$~TRU1s9b"19kj~bG޽0G{M-TZIIO!*D]3Lwh`zҧE>-^awv鮥j8`g~m%eK`!2Oo@WݹHm+nAG,l6"Ң3f;6vn!pp|Hq -gw~9~K:tX)ʒLq ͬG[Vj湐.04&nSkfMF"T75T>#V̯q}%|##lEic5|qt 6Uh%mfikxŧSS0xB! TTcЭB)˪M;InP}sY?e=` '24/x߽[!ʃZ+=Nl~C&C*p3;m#(Bu'tMx97aT0|LE}dX8TD~>h:Mx\Lu 8a< w{6̥7f?= rN⸰! CRY `Oi$~b "vFf.BT0 U2!`NvCsA.7`оU #iљ6^E<3qhK? 膇F 7N <HCO좺t9@<Q#.Yuh c>rCd#1o9gkH0 rK"|7/B!sA~b #:́ lZ0)F(ЄG#g~q79k[ 45@!<\A~cs z+?,PY G3wأ4ϓ/S5JƖvqY@y+DL͂`Aa~L­!P)awS0Zyon`:>0"(S[]ă\LofqPOnFS@ 33t f;. l9 :W 1&F > cF[7xa#KM чRyN]ƒ $B1Ӝh6sA2_7=}m^X׻SSeď/0  Ka1c~PBMФP:C KD8_]xCM YQ^""ӄ\I \QY / PIj WuGSISu0!XF39]&9nIIs5.Iw} 'RKG٩;'es95L41F;6/M&ƋBy22 gn)sS9,jO4WdȀW.}Q X\mi0? .6`JT/!bTձ4 Pl+;=V؊km9 g5^LW%!uԢz p4@Q`1D*GM&7ba߾hHﲝk&5+ۼr(2_3ʯz}i(Qރ^F9R`}y pjgB3Y~CgG(kw֗wZFQd3ˌr'Ƈ~Fg(_dmfOw~~}v3 ͠Oˌ_~OP~Q(GFyʻ0{ s?0׃2ː?=/ rqAWU@?Ӈ3߇3?d(e}G ?e>eSn&&~oon2/$)CAy3ϚWpz~;9(/'Rz UK˳C(ϐgg  z2*ϕbόW ~>{'sg+i\WKI0ntEճKL3cn5:vņ^_VD=՞bMxG,DlDZJ91baOd_ôU=QGЬa]#=D~(sҗe&ms?`fEI}@' @8_Ew9MAw*1[Wa\iٟC=G}xZLԸGpoQV" #<@qi3׃}eR 76և׽>{xu0Aח͋U}=z}ǠYP͙HÉN#~FW@jd2 Er)4螡ZȢ_ NW+4\xoc {ǙC21vNr|$UJZR[TJ=k 〈{sE\I0jpX.U&K=3 .m3^& 5ϡ'N!3pC>&J5FG P1=:1rۨ ۼx-yTyN ڎy@Vo 7Xi- RgW+B\KǙCxNڼjt1*m {{[dך:G''4WB{Vk*q.wpȉ0plFîo2e?HaCz+F2jQwh}r:W һc`ߘ0Em,w?cPxUc7"!Sqm$!1q=Gbdܖ 㠣Ռ[#|FWMPL\>O=j"6pΖlO$q޺+P %Jvu JË1> N_$v{%Bp|#$n>7!ӗ=Am-Er}7 |n[zQڗ@1a璧;4RVVХAwyH,݈ A)mW|B,[Kl`IB`t09լ`*sv=TeuMc0ŬBChp xSEz?X \ vHV(:bfUpY .Ыr!|x@NoM^O.1|ee|n4~Uf2{{:o9kn>7Q$Lyyw=LHJ B ϱɮxhlgn`Cl .3*OYF hWa! e76K((Xp^'Atm9;>BAr"#<[^ҵlAtz-Ecuݍ2JWlk%!ҮT)V" wI.)tO˞㋰CNx3AEk,^reXٿbwmpSGghp#b ut+y!.1w: fX=l׉Q#nHWTFE®,:u` {];<k{.*kW؁naTLx囸9-@>{zwn}c\:1V`]ccƫR6Ȥ{ y2 !NyyU~ҥ^.I,'_cQd+8*)ؐsk` bO1,F,oԛN*)Asa#El ;ApN9LgѼ:#K1E~rxX;~N~LʹcaPֽk xٚջU$¨C}3Ay,O>hA@`U\3|f7tZЮsq-MSga+ecPXVc.G\L*@=փ LW{څGQy6;|,݈bV"N$֊rI)9=O9*}ɦGNԌaBar kL$8 s^޳h|'/bA,r*r*]xWI"cXM?xD'W.r]+ S Sq||h/݉7,w9Κ#RI>Qlv<^Hђuz׭v]5[dEg0]\}l6n_1?iVA$7yE1em*Pvᷮ QBlS2Fu̹D/4^JB\qrHfr0>_֊VMӝ/2a-dc{͵N_ l`*