This is a javascript security question: suppose a page finds out the screen resolution of the computer, such as 1024 x 768, and want to use an AJAX call to log this data into the DB.
Is there a way to actually prevent fake data from being entered into the DB? I think whatever the HTML or Javascript does, the user can reverse engineer ...
What Javascript security techniques, issues, and limitations should be part of a programmer's skill set for solid web development?
...
I've built a Single-Sign-On system for our web network. It works like this:
User clicks a login link on the site he wants to log in to (the "Unsafe Site"). The unsafe site's ID is passed in the URL.
He ends up on the system's (called "RAS") login page. This is on it's own domain, and may in the future get HTTPS, so the user can see his...
Why do browsers apply the same origin policy to XMLHttpRequest? It's really inconvenient for developers, but it appears it does little in actually stopping hackers.
They are workarounds, they can still include javascript from outside sources (the power behind JSONP).
It seems like an outdated "feature" in a web that's largely interlinke...
Why is it that when we link to a javascript file on x.com from y.com (for example google analytics or jquery) it doesn't cause any cross domain security issues?
For example:
in y.com/index.html we have:
<script type="text/javascript" src="http://x.com/jsfile.js" />
How can we know when this is ok to do and when it's not?
...
Possible Duplicate:
Protecting client side logic & data
Hi ,
How to block other reading my java script through view source,
My thing is, now one can access my java script,
bcoz am not sure, but just guess some one from outside using some tool to changing my
javascript events,
So how to make the autenticated ,
...