Coding: Microsoft Technology Presentation

 

 
 
  
 From:  THERE IS NO GOD BUT (RENDLE)  
 To:  Peter (BOUGHTONP)     
32731.9 In reply to 32731.8 

The JSON exploits are more to do with executing malicious code on the client than the server. If you have an AJAX-enabled community-content web app which uses JSON to transport data, and you can discover the object notation, you can replace chunks of it with executable JavaScript which will then get eval'd on the client and could do all sorts of nasty stuff.

 

Again, making sure the stuff is properly escaped on the server before sending it prevents this kind of thing, but XML/SOAP fans would argue that it's better if the vulnerability doesn't exist at all.


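The issue described in the post above, as an added example that is not part of the original thread: a server that builds JSON by string concatenation, a client that reads it with `eval`, and the two fixes (escaping on the server, a data-only parser on the client). All function names and the sample text are constructed for illustration.

```javascript
// Constructed user-submitted text: closes the string early and smuggles in an expression.
const hostileText = '", "extra": (globalThis.marker = "ran"), "z": "';

// Server side, unsafe: JSON assembled by string concatenation, no escaping.
function buildUnsafe(author, text) {
  return '{"author": "' + author + '", "text": "' + text + '"}';
}

// Server side, safe: the serializer escapes quotes and backslashes in the data.
function buildSafe(author, text) {
  return JSON.stringify({ author, text });
}

// Client side, unsafe: eval treats the whole payload as JavaScript source.
function readWithEval(payload) {
  return eval('(' + payload + ')');
}

// Client side, safe: JSON.parse accepts data only and throws on anything else.
function readWithParse(payload) {
  try {
    return JSON.parse(payload);
  } catch (e) {
    return null; // not valid JSON: reject instead of executing
  }
}

function demo() {
  // 1. Unescaped payload + eval: the smuggled expression executes on the client.
  globalThis.marker = 'clean';
  readWithEval(buildUnsafe('guest', hostileText));
  const evalRanCode = globalThis.marker === 'ran';

  // 2. Same unescaped payload + JSON.parse: rejected as malformed, nothing runs.
  globalThis.marker = 'clean';
  const rejected = readWithParse(buildUnsafe('guest', hostileText)) === null;

  // 3. Escaped payload: the text stays inert data under either reader.
  const viaEval = readWithEval(buildSafe('guest', hostileText));
  const viaParse = readWithParse(buildSafe('guest', hostileText));
  const roundTrip = viaEval.text === hostileText && viaParse.text === hostileText;

  return { evalRanCode, rejected, roundTrip, stillClean: globalThis.marker === 'clean' };
}

console.log(demo());
```
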

 From:  Rich   
 To:  Peter (BOUGHTONP)     
32731.10 In reply to 32731.8 

Rendle's doing a better job of explaining this than I am.

 

Mr Rendle: Yes, the new stuff does look awesome. I'm officially converted from Microsoft hater to Microsoft lover. It's that good.



 From:  Izziwizzi (JAMES)  
 To:  ALL
32731.11 In reply to 32731.10 
You all need to get out more. Go de-tune some pianos or something.

