| With the popularity of the Internet and the rapid development of information technology, Web application is becoming an integral part of the information age. From a simple text message to increasingly rich and varied world wide network today , we see a network with powerful charm and unlimited potential, from the birth of the network to today,the investigation of the web application development has never stopped, meanwhile the continuously rich Web develop technology makes a vast space to develop the web application.AJAX that is a new asynchronous interactive WEB develop technology in WEB2.0 era is different from the past develop web technologies that we are familiar with, it accurately is not a technique, but rather a series of complex technologies, In some ways, it provides a new Web development design method that is essential different from the traditional methods, that is, the implement of the web application has the advantage of desktop applications--- a new development approach. AJAX --- the characteristics of the design of a web application indicates the arrival of a new generation of Web applications.In the WEB2.0 era, AJAX as one of the key technologies is of great importance to many developers, an increasing number of WEB sites based on the technology or partly built by the technology. However, AJAX brings the rich client experience,at the same time, it has brought more security risks. WEB server may be invaded and destructed by hacker. The most common WEB attacks are denial service attacks and SQL injection attacks, and the most majority of the attacks can be successful due to loopholes in the system design. AJAX framework for the system because of its special structure, is easier to bring such vulnerability.AJAX, RIA, as well as Web services applications space is three important vector technologies of WEB2.0. These promising technologies bring a new experience and strengthen the application of the network's overall efficiency and effectiveness. These new technologies bring new security problems. Ignoring these issues would lead the whole WEB world to tremendous disaster.This paper, by analyzing the AJAX security vulnerabilities, inducting the service layer to AJAX development, brings forward a new concept ---ASSL (AJAX secure service layer).By analyzing the safety and feasibility of ASSL, it comes to a new development model in AJAX applications, which is to create AJAX services layer in AJAX develop. Using HTTP to implement the SSL transmission improves efficiency and reduces development costs to the original HTTPS, and as the core components of the service layer ---ASSL components.Finally, the paper relies on the Chongqing information security Technology Center's information system case (hereinafter referred to as: Case System), combines with China's colleges and universities'system characteristics. The AJAX security develop model used in actual projects, the test results of the project comparing with the traditional model makes the result that the development of this model really has made some headway to traditional development model, where is the value of this paper. |
PDF Full Text Request