June 16, 2006
The Yamanner worm that infested Yahoo Mail last week was quickly squashed. In the 24-hour period it thrived, though, the worm provided a glimpse of what's in store for Internet users unless companies apply strict measures when building Web applications with techniques such as Ajax.
"This kind of worm shouldn't be a surprise to anyone," says David Wagner, assistant professor of computer science at the University of California at Berkeley. We'll see more such worms and viruses as long as Web sites and companies implement Ajax applications without understanding their vulnerabilities, he predicts.
With a more conventional Web application, a user would, for example, fill out an online form to apply for a bank account and submit that form for approval. A programmer could add Ajax or Web services capabilities to that application so it immediately alerts the user if information is entered improperly in certain fields, even before the form is submitted. Such Web services need to query a database, which can expose vulnerabilities such as SQL injection. "Most developers will throw a Web service up, make a database call that is probably SQL-injectable, and have no session authentication to protect the transaction," says Caleb Sima, CTO at SPI Dynamics.
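The pattern Sima describes, as an added example (not code from the article or from any product it names): an Ajax field-check service backed by a database, first with concatenated SQL and no session check, then with a session check and a bound parameter. The table, function names, session store and input strings are assumptions constructed for illustration.

```python
import secrets
import sqlite3

# Constructed in-memory table standing in for the bank's account data.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY)")
db.execute("INSERT INTO accounts VALUES ('alice')")

SESSIONS = {}  # hypothetical server-side session store: token -> user


def new_session(user):
    """Issue an unguessable session token after login (login itself omitted)."""
    token = secrets.token_hex(16)
    SESSIONS[token] = user
    return token


def username_taken_weak(username):
    """Field check as quoted: SQL built by concatenation, no session required."""
    query = "SELECT COUNT(*) FROM accounts WHERE username = '" + username + "'"
    return db.execute(query).fetchone()[0] > 0


def username_taken_hardened(session_token, username):
    """Same check, but the caller must hold a live session and the value is bound."""
    if session_token not in SESSIONS:
        raise PermissionError("no valid session")
    if not 1 <= len(username) <= 32:
        raise ValueError("username length out of range")
    # The ? placeholder sends the value as data; it is never parsed as SQL.
    row = db.execute(
        "SELECT COUNT(*) FROM accounts WHERE username = ?", (username,)
    ).fetchone()
    return row[0] > 0


def demo():
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    token = new_session("visitor")
    return {
        "weak_crafted": username_taken_weak(crafted),                # quote alters the query
        "hardened_crafted": username_taken_hardened(token, crafted), # treated as a literal
    }


if __name__ == "__main__":
    print(demo())
```

In the weak version the quote character changes the meaning of the WHERE clause, so the check reports a match for a username that does not exist; the bound parameter compares the whole string literally.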
These are problems Web programmers can solve, as long as they recognize the risks and address them. Expect more bumps and break-ins along that learning curve.
About the Author(s)
Editor at Large, Cloud
Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse University where he obtained a bachelor's degree in journalism. He joined the publication in 2003.