tags:

views:

131

answers:

2
+1  Q: 

Security issue of extjs

how can i convince my client that extjs is safe to use ??? or Better how can i assure my programming is safe in extjs-3.x , so that data donot get into wrong hands or cannot be hacked or if somebody download my website javascript by some tool on desktop how will i makesure it will not run and many more ??? like sql injection

+4  A: 

I would highly recommend this book. Your security has very little to do with the JS framework you choose, and almost everything to do with the practices that you, the programmer, follow in your apps.

bmoeskau  2010-07-24 15:51:22
+4  A: 

bmoeskau's book recommendation looks good. I wasn't aware of that title, but I think I'm going to go buy it.

Building on the second part of his answer, you'll want to ensure that you fully understand what you're doing. Please don't take offense, but your question suggests that you don't have a very complete grasp of how these kinds of applications work.

In any web-based application, you cannot trust the client. It doesn't matter if the client is plain old HTML, some kind of AJAXified DHTML, a completely ExtJS-driven applicaiton, a Flash movie, or a native desktop application. They're all clients, and they're all trivially corruptible.

Your server-side code is where you defend yourself. Always. No exceptions. Ever.

Worried about SQL Injection (as you should be)? -- Protect against it on the server. (If you're writing client code that creates SQL and sends it to the server, you're almost certainly very, very wrong).

Need to make sure only certain users see/touch certain data? -- You need a solid authentication/authorization framework on the server.

You should also be worried about CSRF -- Again, the server-side architecture needs to protect against it.

Anyone using your app will have all your Javascript code on their local machine. That's a fact of life. And that's exactly why you never trust the client.

Almost every vulnerability that can affect an ExtJS-based app can affect any other app as well.

So, you can tell your client that ExtJS is no more or less secure than any other client-side technology. That's because security is the server-side code's job, and not the client.

To avoid these vulnerabilities, you need to read, comprehend, and write your code thoughtfully. No matter what libraries or technologies you're using.

timdev  2010-07-24 22:48:08

related questions

GWT - GXT - How to get Radio Button Value ?
Using XTemplate with SimpleStore in Ext
ExtJS and jQuery in ASP.NET
Needing an ExtJS bug workaround
ExtJS with Squash Javascript Obfuscator
EXtjs Grid Filters
Best way to learn Ext JS for use with ASP.NET?
Javascript library for building desktop-like web application: ExtJS, jQuery, YahooUI, Mocha, SproutCore, Cappuccino, others?
Is there a map() function in ExtJS?
Returning data from ASP.net to an ExtJS Grid
What is the smallest ExtJS package?
Ext Js and Adobe Air
Using ExtJS in ASP.NET
How do you clear a tree in ExtJs?
Creating a sortable tree/grid in Javascript
What is the best practice to use ExtJS with Asp.net and WCF in .NET 3.5?
The dangers of using ExtJS on a big project with RoR?
Ext.form.FormPanel and form submission
Any suggestions for testing extjs code in a browser, preferably with selenium?
Width issue with Ext.Panel bbar in IE 6
Rendering suggested values from an ext Combobox to an element in the DOM
How can I save some JavaScript state information back to my server onUnload?
What is the best way to use Ext JS as part of Java / Spring / Hibernate based web application?
Best Way to Organize an ExtJS Project
Javascript tree views that support multiple item drag/drop