This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
The following are my concerns when using AJAX in my LDAP protected web application:
1) Is it OK to use AJAX in LDAP protected web application?
2) Are there implications on the security of data when using AJAX?
3) How do I handle POST requests when using AJAX in protected web application?
4) What are the pros and cons of using AJAX in protected application?
Your answers to the above issues will be highly appreciated.
You need to protect all requests, not just AJAX ones. So everything you do for all your other pages applies to AJAX. Especially the parts about validating input request data (against hackers) and response data (against JSON injection.)