I enjoyed this post by my friends at port80software on eWEEK's assessment of AJAX security.
Fear, Uncertainty and Doubt in Web 2.0
It features such jewels as:
eWEEK should be ashamed of statements like:
"By exploiting shortcomings in AJAX programmers' work, hackers may also be able to gain access to Web applications themselves and wreak havoc with online businesses."
OK, I know fear mongering sells magazines, but let's rephrase that to ridicule eWEEK properly:
"Bad guys can do bad things if they can get into your site because you didn't do things right."
and
You can see eWEEK's clear misunderstanding here:
"'Now [an attacker] is inside your application and can create a pipeline that allows them to see all the function names, variables and parameters of your site,' Hoffman said."
Hello? Inside the application? When I view Amazon.com or any other site, I am inside their application, by this way of thinking.
---
By and large, I agree with the sentiment that there is far too much fear mongering going on. I have a lot to say on this topic. More later.
-brett