I am making a website which involves a lot of computing at the back end... I'm using JavaScript at the front end and Java for the back end. Could there be any security problems because of JavaScript, or can I use any better front end instead of JavaScript to make website better?
- What else do you want to use on the client side? There is no other option. – mas-designs, Feb 15, 2012 at 9:49
- @EvilP: Flash? Applets? JavaFX? Silverlight? non-scripted HTML? – Thilo, Feb 15, 2012 at 9:51
- Who the hell uses Flash? I mean yeah, it was a common way and it's still available, but it's insecure and not needed anymore because there are more flexible ways to achieve those tasks where Flash was needed. Other points, good answer! Didn't think about that. – mas-designs, Feb 15, 2012 at 9:54
- Lots of people use Flash. What "more flexible" ways are there to have cross-browser DRMed video playback? Or webcam/mic capturing? – Quentin, Feb 15, 2012 at 10:01
2 Answers
The biggest potential security problem with JavaScript has nothing to do with JavaScript (and also applies to "dumb" websites): If you think that the end user will only use your "official" client code, and as a result blindly trust the JavaScript code with security-relevant information, then you have a security problem.
You need to validate all data on the server. The user can make his browser send whatever data he wants, whenever he wants. He does not even have to use a browser (could be a completely hacked-together tool).
You must not put "secret" data into the client code. Even if it is not directly visible in the browser, the resourceful user can see it.
Comments
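The server-side validation described in the answer above, sketched in Java for the asker's back end. This is an added example, not part of the original answer; the class name, the sample catalog, the parameter names and the quantity limit are assumptions chosen for illustration.

```java
import java.math.BigDecimal;
import java.util.Map;

public class OrderValidator {
    // Server-side source of truth (constructed sample catalog).
    private static final Map<String, BigDecimal> PRICES = Map.of(
            "sku-100", new BigDecimal("19.99"),
            "sku-200", new BigDecimal("249.00"));
    private static final int MAX_QUANTITY = 100; // assumed business limit

    /** Returns the order total, computed only from server-side data. */
    static BigDecimal validateAndPrice(Map<String, String> params) {
        String sku = params.get("sku");
        BigDecimal unitPrice = (sku == null) ? null : PRICES.get(sku);
        if (unitPrice == null) {
            throw new IllegalArgumentException("unknown sku");
        }
        String rawQty = params.get("quantity");
        // Strict format check: 1 to 3 digits, no sign, no whitespace.
        if (rawQty == null || !rawQty.matches("[0-9]{1,3}")) {
            throw new IllegalArgumentException("quantity is not a number");
        }
        int qty = Integer.parseInt(rawQty);
        if (qty < 1 || qty > MAX_QUANTITY) {
            throw new IllegalArgumentException("quantity out of range");
        }
        // Any client-sent "price" or "total" field is ignored on purpose.
        return unitPrice.multiply(BigDecimal.valueOf(qty));
    }

    public static void main(String[] args) {
        // Constructed requests, as any HTTP client (not only a browser) could send them.
        Map<String, String> honest = Map.of("sku", "sku-100", "quantity", "2");
        Map<String, String> tamperedPrice =
                Map.of("sku", "sku-200", "quantity", "1", "price", "0.01");
        Map<String, String> tamperedQty = Map.of("sku", "sku-100", "quantity", "-5");

        System.out.println("honest total: " + validateAndPrice(honest));
        System.out.println("tampered price, server total: " + validateAndPrice(tamperedPrice));
        try {
            validateAndPrice(tamperedQty);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same checks can also run in the browser's JavaScript for faster feedback, but only the server-side copy counts for security.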
Could there be any security problems because of JavaScript
Not intrinsically. You could introduce security problems by writing insecure code, but that is true of any language.
can I use any better front end instead of JavaScript to make website better?
Other options for client-side programming require browser plugins (such as Flash) or specific browsers (such as IE for VBScript).
You might not need any client side programming, and any JS you do write should be progressive and unobtrusive.