
Re: Yet another Disturbing type of Exploit

On Thursday 19 April 2007 13:05, Chris Travers wrote:
> > Obviously LSMB would not be susceptible to buffer overflows, but every
> > day I see more and more seriously negative stuff about javascript.
> > My understanding is that LSMB development is going to add a lot of
> > javascript based web 2.0/ajax type stuff, which IS wonderful to use.
> > Are there plans for the new interfaces to "degrade gracefully" without
> > loss of function (some loss of convenience couldn't be avoided), if a
> > person found that javascript HAD to be turned off and kept off because
> > of non-LSMB security issues?

Several of the core developers (with good reason) have access to, and insist
on, a gracefully degraded interface for lower-end hardware, such as handheld
scanners, and low-memory/low-resolution workstations.  This is something we
will maintain throughout the development process.

I am not a security researcher, but I suspect a good many of those attacks on
AJAX interfaces are because the interface on the server side of things is
far too trusting.

I think the REST API we're planning will go a long way to mitigate these types 
of attacks, because input is validated, translated, and even then only 
permitted to mutate server data in specific ways.  (But also note, we don't 
claim invincibility... yet  :))  I also think the REST interface will
help enforce a degradable interface since it will only allow access to
arbitrary objects, and discourage arbitrary actions. (Besides GET, PUT, POST,