Google JSON issue

I’m not a big fan of Google’s engineers in general, but this one is an excellent example of Google just being stupid:

Apparently, the Google engineering genius decided that it wasn’t important to ensure the request coming in VIA an AJAX request had the correct user session cookie and that the users session was still valid on the server. No…. Instead they just decided that this and probably hundreds of other AJAX requests didn’t need any security and just worked no matter who the requesting client was. This is web programming 101 folks. Since the browser (user-agent) must provide the same cookies for an AJAX request as it does a normal request, there is NO reason a web application shouldn’t secure AJAX requests as it does normal requests using the in-memory session cookie.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s