Yes, there are security issues with AJAX (Asynchronous JavaScript and XML), but they can be overcome, an IT official said at TheServerSide Java Symposium on Thursday evening.

“The usability benefits of AJAX are tremendous and as we’ve seen, the inherent security limitations of AJAX are no greater than the inherent security limitations of Web 1.0,” said Ted Goddard, senior software architect at Icesoft.

Security measures to take include not hand-coding SQL in a way that lets user input pass into the SQL statement, which would open up a vulnerability to SQL injection attacks. Also, arbitrary user input should not be permitted to come out via HTML into the page, because this opens up a vulnerability to JavaScript injection, Goddard said.

Developers should use the Java persistence layer together with a framework. AJAX frameworks such as Dojo or Icesoft’s Icefaces can assist with security. But frameworks vary in their security strengths, according to Goddard.

“It has to be the case that the framework that you use naturally leads people to build secure apps,” Goddard said.

During a presentation on Thursday, Goddard noted security issues that can occur with Web applications, such as denial of service attacks and cross-site scripting vulnerabilities.
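
The two measures described above (no hand-built SQL from user input, no raw user input emitted as HTML) can be seen side by side in a server handler that returns an HTML fragment to an AJAX request. This is an added example, not code from the talk or from Icesoft; it uses Python's `sqlite3` and `html` modules in place of a Java persistence layer, and the table, function names and sample rows are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """Constructed sample data standing in for an application database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)", [
        ("alice", "lunch at noon"),
        ("bob", "bob's private note"),
        ("alice", "<script>alert(1)</script>"),  # markup stored by an earlier request
    ])
    return db

def fragment_unsafe(db, owner):
    """Both patterns warned against: hand-built SQL and raw HTML output."""
    sql = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    rows = db.execute(sql).fetchall()
    return "<ul>" + "".join("<li>" + body + "</li>" for (body,) in rows) + "</ul>"

def fragment_safe(db, owner):
    """Bound parameter for the query, HTML escaping for every value emitted."""
    rows = db.execute("SELECT body FROM notes WHERE owner = ?", (owner,)).fetchall()
    items = "".join("<li>" + html.escape(body) + "</li>" for (body,) in rows)
    return "<ul>" + items + "</ul>"

def count_items(fragment):
    """Number of list items in a returned fragment."""
    return fragment.count("<li>")

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("unsafe, crafted owner:", count_items(fragment_unsafe(db, crafted)), "items")
    print("safe, crafted owner:  ", count_items(fragment_safe(db, crafted)), "items")
    print("safe, owner=alice:    ", fragment_safe(db, "alice"))
```

With the bound parameter the crafted value is compared as a literal owner name and matches nothing, and the stored markup reaches the page as inert text rather than as a script element.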