SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Evangelist fs_tigre's Avatar
    Join Date
    Feb 2009
    Location
    Close to Chicago, Illinois
    Posts
    517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Is Javascript a Security Risk

    Hi,

    I'm not an expert on Javascript in fact I was just reciently trying to learn it until I started reading about people that dont even have javascript turned on on their computers because they say that javascript can be a big security problem and I started wondering about these security issues.

    Is really javascript a security problem? If yes, can someone mention some of those possible problems? I simply would like to reconsidere my desition of not using Javascript in my sites and start using it since I really like the language and the cool effects you can achieve with it.

    As always thanks a lot for your help!
    Thank you very much!!!

  2. #2
    Non-Member Kalon's Avatar
    Join Date
    Aug 2010
    Location
    At my computer
    Posts
    2,012
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Generally speaking, I don't believe javascript is a major security issue and I have no problems having it turned on in my browsers when browsing the www and using it in my website development.

    Javascript, on its own, cannot access the user's file system afaik. But if a developer uses some of the IE specific "features" which do allow js to access the file system then security could be an issue. But I have never used any of those features in any of my websites and so hopefully someone else can help more regarding those. But if IE is attempting to access your file system, it will normally ask you if you are sure you want to allow this.

    Imho, a bigger risk is not having an up to date reputable anti-virus/firewall system on your pc.

  3. #3
    SitePoint Evangelist fs_tigre's Avatar
    Join Date
    Feb 2009
    Location
    Close to Chicago, Illinois
    Posts
    517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you for your comments!
    Thank you very much!!!

  4. #4
    SitePoint Evangelist fs_tigre's Avatar
    Join Date
    Feb 2009
    Location
    Close to Chicago, Illinois
    Posts
    517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What if someone hacks a website that uses Javascript, would the hacker have a better chance to use that site to populate malicious scripts?
    Thank you very much!!!

  5. #5
    Non-Member Kalon's Avatar
    Join Date
    Aug 2010
    Location
    At my computer
    Posts
    2,012
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    afaik if someone hacks a website it's probably due to a security hole in something else rather than javascript unless they have hacked through via an IE specific javascript feature which I don't know if it is even possible.

  6. #6
    SitePoint Evangelist fs_tigre's Avatar
    Join Date
    Feb 2009
    Location
    Close to Chicago, Illinois
    Posts
    517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, what I meant is that if a hacker has control over a certain site, could the hacker create some sort of malicious scripts using Javascript?

    Sorry if my questions don't make too much sense but I'm still a little confused even though you already clarified some of the questions I had.

    Javascript, on its own, cannot access the user's file system afaik.
    This is good to know!

    Thanks a lot!

  7. #7
    SitePoint Member
    Join Date
    Dec 2005
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I wouldn't let security issues stop you from learning Javascript, its become a integral part of the modern web.

    With will ANY programming language on networked software there can be security issues! You as the programmer have to learn about the common attacks and way to counter them.

    Quote Originally Posted by fs_tigre View Post
    Well, what I meant is that if a hacker has control over a certain site, could the hacker create some sort of malicious scripts using Javascript?
    You might want to read up on Cross-Site Scripting. Note that is not unique to having Javascript on your site.

  8. #8
    SitePoint Evangelist fs_tigre's Avatar
    Join Date
    Feb 2009
    Location
    Close to Chicago, Illinois
    Posts
    517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you for your comments!

    I'm talking more about some sort of virus that can be distribute via Javascript, this is pretending that the hacker has complete access to the website and can add his own code and manipulate the site as he wants, and then any user visiting this site will get infected.

    Can something like this happen because of Javascript?

    And yes I will stop worrying much about this type of problems and start learning more about the language it-self.

    Thanks a lot!
    Thank you very much!!!

  9. #9
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,501
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    If the hacker has complete access to your website, it becomes completely irrelevant if you are using JS in your website or not. He can then change anything as he sees fit.

  10. #10
    SitePoint Evangelist fs_tigre's Avatar
    Join Date
    Feb 2009
    Location
    Close to Chicago, Illinois
    Posts
    517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Make sense, thanks for your comments!
    Thank you very much!!!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •