06.01.06

Securing Your JavaScript Against Evildoers

Posted in Web Dev, AJAX, What I'm Reading, JavaScript at 9:10 pm by Spencer

What with the Ajax invasion and all, JavaScript is once again all over the damn place. The big difference now vs. the ’90s is JavaScript is doing a lot more heavy lifting and — more importantly — interacting with both host server and browser client (i.e. user’s machine) in ways heretofore (mostly) not seen. And that means along with all the cool stuff and wond’rous toys and tools comes a whole new avenue for mayhem by lowlifes, script kiddies, and really gnarly folks like the Russian mafia.

Server-side programmers — at least the good ones — are already atuned the potentially cataclysmic horrors that can be wrought via insertion attack methods, but in javaScript circles — even the upper aeries of guru-dom — awareness of such dangers is not as pronounced. This is bad.

Fortunately, A List Apart is doing its part for responsible web development (as usual) and has posted a good 2-part primer on writing secure JS code by Niklas Bivald:

Community Creators, Secure Your Code!

Community Creators, Secure Your Code! Part II

Let’s hope this is the start of a trend of articles and discussion along these lines.

Permalink

All original content -- in any format presented, or linked to, or archived here or elsewhere on this Web site -- is copyright © 1966-2008 by Spencer Sundell unless otherwise noted. All rights reserved. Such content may be revised at any time, but all versions are still copyright as above, so there. Any/all visitor comments submitted to this blog become the property of Spencer Sundell for him to do with as he pleases, but Mr. Sundell is not responsible for anything said or linked to in such comments (except that which is his own stuff, duh). On occasion this blog may quote from other sources: not only is this done on a non-commercial basis, it is believed this constitutes a "fair use" under Title 17 USC section 107 of the US Copyright Law. No claim of copyright is intended or implied for any material quoted or linked to, except as applies above. This Web site and those own or maintain it are not responsible in any way for anything that may be linked to elsewhere on the Internet. If you feel this Web site has violated your copyright, please post a comment (with your valid email address) explaining your position and we will respond appropriately and in good faith via private communication. Accessing and/or archiving any portion or fragment of this Web site by any means whatsoever constitutes acceptance of the above terms and conditions. Remember: reading is fundamental, the Constitution is the supreme law of the land, voting is a duty, dissent is patriotic no matter what the neanderthals and fascists say, and only you can prevent forest fires (unless lightning or spontaneous combustion is the cause, the latter escape clause being void if you're the jerk who negligently piled up all that flammable crap in the first place). Treat others how you would wish to be treated (if not better), or at least try really hard to. Be nice to children. Call your mother. Give a hoot, don't pollute. Please have a nice day. Or not. See if I care. Fnord.

Design by Beccary and Weblogs.us · XHTML · CSS

Mugu Brainpan

06.01.06

Securing Your JavaScript Against Evildoers

Leave a Comment

Pages

Search

Archives

Categories

Meta