Ajax uses JavaScript to store variables on the client as part of its transactional code; in a buy-sell environment, for instance, Ajax stores pricing information on the client rather than on the server, according to Bryan Sullivan, a senior research engineer at SPI Dynamics. In this architecture, a hacker could use a browser and a script debugger to change the pricing information within the browser, without the server-side code realizing it, he said.
The problem is "code on the client is out of [the developer's] control," he said. By being able to "view" the client-side code, a hacker could thus make changes to it. This would be particularly devastating in an e-commerce environment, he noted.
Sullivan's warning: "Don't put the secrets of your business in an Ajax/JavaScript application."
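
The server-side counterpart to that warning, as an added example that is not from Sullivan or SPI Dynamics: an order handler that bills from its own catalog instead of the price the browser sent back, and records any disagreement for logging. The catalog, SKUs, field names and the sample request are constructed for illustration.

```javascript
// Added example: names, SKUs and prices below are constructed for illustration.
const CATALOG = new Map([        // server-side source of truth, prices in cents
  ["SKU-100", 4999],
  ["SKU-200", 129900],
]);

// Weak: trusts the unitPrice the browser sent back.
function totalTrustingClient(order) {
  return order.items.reduce((sum, i) => sum + i.unitPrice * i.qty, 0);
}

// Hardened: ignores client prices for billing, validates input, and reports
// any client/server disagreement so it can be logged and alerted on.
function totalFromServer(order) {
  let total = 0;
  const mismatches = [];
  for (const item of order.items) {
    const price = CATALOG.get(item.sku);
    if (price === undefined) throw new Error(`unknown sku: ${item.sku}`);
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > 100) {
      throw new Error(`invalid quantity for ${item.sku}`);
    }
    if (item.unitPrice !== undefined && item.unitPrice !== price) {
      mismatches.push({ sku: item.sku, sent: item.unitPrice, expected: price });
    }
    total += price * item.qty;
  }
  return { total, mismatches };
}

// Constructed request body in which the client-side price was altered.
const tamperedOrder = {
  items: [
    { sku: "SKU-100", qty: 2, unitPrice: 4999 },
    { sku: "SKU-200", qty: 1, unitPrice: 1 },
  ],
};

function demo() {
  return {
    weak: totalTrustingClient(tamperedOrder),
    hardened: totalFromServer(tamperedOrder),
  };
}

console.log(JSON.stringify(demo()));
```

A non-empty `mismatches` list is worth an alert of its own: an unmodified client never sends a price that differs from the catalog.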