Restricting Access to your AJAX Services
Services like the XmlHttpProxy for Java are designed to return JavaScript that is evaluated on the client. Unfortunately, if you are not careful with the design of your services, JSONP techniques could be used to hijack them. While I’m not saying JSONP is bad, I do highly recommend you carefully track, limit, or restrict access to your application’s services to JavaScript clients. Here are some strategies for doing this.