views:

131

answers:

2

How can I convince my client that ExtJS is safe to use? Or better, how can I assure my programming is safe in extjs-3.x, so that data does not get into the wrong hands or cannot be hacked? Or if somebody downloads my website's JavaScript with some tool on the desktop, how will I make sure it will not run? And many more, like SQL injection.

+4  A: 

I would highly recommend this book. Your security has very little to do with the JS framework you choose, and almost everything to do with the practices that you, the programmer, follow in your apps.

bmoeskau
+4  A: 

bmoeskau's book recommendation looks good. I wasn't aware of that title, but I think I'm going to go buy it.

Building on the second part of his answer, you'll want to ensure that you fully understand what you're doing. Please don't take offense, but your question suggests that you don't have a very complete grasp of how these kinds of applications work.

In any web-based application, you cannot trust the client. It doesn't matter if the client is plain old HTML, some kind of AJAXified DHTML, a completely ExtJS-driven application, a Flash movie, or a native desktop application. They're all clients, and they're all trivially corruptible.

Your server-side code is where you defend yourself. Always. No exceptions. Ever.

Worried about SQL Injection (as you should be)? -- Protect against it on the server. (If you're writing client code that creates SQL and sends it to the server, you're almost certainly very, very wrong).

Need to make sure only certain users see/touch certain data? -- You need a solid authentication/authorization framework on the server.

You should also be worried about CSRF -- Again, the server-side architecture needs to protect against it.

Anyone using your app will have all your JavaScript code on their local machine. That's a fact of life. And that's exactly why you never trust the client.

Almost every vulnerability that can affect an ExtJS-based app can affect any other app as well.

So, you can tell your client that ExtJS is no more or less secure than any other client-side technology. That's because security is the server-side code's job, and not the client's.

To avoid these vulnerabilities, you need to read, comprehend, and write your code thoughtfully. No matter what libraries or technologies you're using.

timdev
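The server-side rule from timdev's answer, shown as an added example that is not part of the original thread: a handler that trusts request parameters beside one that takes the owner from the session and binds every value. The table, the function names and the `owner`/`query`/`sort`/`dir` request parameters are assumptions made for illustration, and the sample rows and request are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample data: two users, each owning some invoices."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (owner TEXT, customer TEXT, total REAL)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)", [
        ("alice", "Acme", 120.0), ("alice", "Globex", 75.5), ("bob", "Initech", 990.0)])
    return db

def list_invoices_unsafe(db, params):
    """Trusts the request: 'owner' and 'query' are pasted into the SQL text."""
    sql = ("SELECT customer, total FROM invoices WHERE owner = '" + params["owner"]
           + "' AND customer LIKE '" + params["query"] + "%'")
    return db.execute(sql).fetchall()

SORTABLE = {"customer", "total"}  # identifiers cannot be bound, so allow-list them

def list_invoices_safe(db, session_user, params):
    """Owner comes from the server-side session; request values are bound, not pasted."""
    sort = params.get("sort", "customer")
    if sort not in SORTABLE:
        raise ValueError("unsupported sort column")
    direction = "DESC" if params.get("dir") == "DESC" else "ASC"
    sql = ("SELECT customer, total FROM invoices WHERE owner = ? AND customer LIKE ? "
           f"ORDER BY {sort} {direction}")
    return db.execute(sql, (session_user, str(params.get("query", "")) + "%")).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Constructed request: values a user can send by editing the request by hand
    tampered = {"owner": "alice", "query": "' OR 1=1 --"}
    print("unsafe:", list_invoices_unsafe(db, tampered))         # other users' rows leak
    print("safe:  ", list_invoices_safe(db, "alice", tampered))  # treated as a literal prefix
```

The unsafe handler also fails without any injection: sending `owner=bob` is enough to read another user's rows, which is why the safe version ignores the client's `owner` entirely.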