On Feb 6, 4:37 pm, "Lucas Kruijswijk" wrote:
> Hello all,
> I have a security question. Instead of having a session key,
> I was thinking to hold the password of some application in
> a Javascript variable.
> Each time a http (or https) request is sent from Javascript,
> I also send the password. The server checks the password
> and sends back the result.
The words password and JavaScript send a chill down my spine. Remember
anything you write in JavaScript can be viewed with a simple click on
view source. JavaScript is for manipulating the DOM and creating dynamic
pages. Security is something always best kept to a computer you know
(e.g. the server) rather than the user's computer you know nothing
about.
> In this way, no need for session.
> Is there a security problem with this kind of programming?
> The only thing I could think of, is that in Firefox and firebug
> someone could access the variable to get the password. But
> that is a risk I take.
> I am more concerned that some evil website could steal the
> password by some other Javascript. But I could not find
> a way, so, I assume this is rather safe.
> Or, does someone disagree?
> Regards,
The full posting is on
link
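The session-key alternative that the question sets aside, shown as an added example that is not part of the original thread: the password is checked once on the server, and every later request carries only a random token in a cookie that page scripts cannot read. The function names, the `sid` cookie name, the in-memory stores and the 15-minute timeout are all assumptions made for illustration.

```javascript
// Added example (Node.js). All names and values here are illustrative assumptions.
const nodeCrypto = require("node:crypto");

const SESSION_TTL_MS = 15 * 60 * 1000;        // idle timeout (constructed value)
const users = new Map();                       // username -> { salt, hash }
const sessions = new Map();                    // token -> { user, expires }
// Dummy record so unknown usernames cost the same hashing work as known ones.
const DUMMY = { salt: nodeCrypto.randomBytes(16), hash: nodeCrypto.randomBytes(32) };

function hashPassword(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

function register(user, password) {
  const salt = nodeCrypto.randomBytes(16);
  users.set(user, { salt, hash: hashPassword(password, salt) });
}

// The password is presented once; the server answers with an opaque token.
function login(user, password, now = Date.now()) {
  const rec = users.get(user) || DUMMY;
  const candidate = hashPassword(password, rec.salt);
  const ok = nodeCrypto.timingSafeEqual(candidate, rec.hash) && users.has(user);
  if (!ok) return null;
  const token = nodeCrypto.randomBytes(32).toString("hex");
  sessions.set(token, { user, expires: now + SESSION_TTL_MS });
  // HttpOnly: not readable via document.cookie. Secure: sent over HTTPS only.
  // SameSite=Strict: not attached to requests initiated by other sites.
  return { token, setCookie: `sid=${token}; HttpOnly; Secure; SameSite=Strict; Path=/` };
}

// Called on every request with the raw Cookie header; returns the user or null.
function authorize(cookieHeader, now = Date.now()) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || "");
  const s = m ? sessions.get(m[1]) : undefined;
  if (!s || s.expires <= now) {
    if (m) sessions.delete(m[1]);              // drop expired or unknown tokens
    return null;
  }
  s.expires = now + SESSION_TTL_MS;            // sliding expiry on activity
  return s.user;
}

// Server-side revocation: something a password held in a script variable cannot offer.
function logout(token) {
  return sessions.delete(token);
}
```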