I’m not an expert on Javascript in fact I was just reciently trying to learn it until I started reading about people that dont even have javascript turned on on their computers because they say that javascript can be a big security problem and I started wondering about these security issues.
Is really javascript a security problem? If yes, can someone mention some of those possible problems? I simply would like to reconsidere my desition of not using Javascript in my sites and start using it since I really like the language and the cool effects you can achieve with it.
Generally speaking, I don’t believe javascript is a major security issue and I have no problems having it turned on in my browsers when browsing the www and using it in my website development.
Javascript, on its own, cannot access the user’s file system afaik. But if a developer uses some of the IE specific “features” which do allow js to access the file system then security could be an issue. But I have never used any of those features in any of my websites and so hopefully someone else can help more regarding those. But if IE is attempting to access your file system, it will normally ask you if you are sure you want to allow this.
Imho, a bigger risk is not having an up to date reputable anti-virus/firewall system on your pc.
afaik if someone hacks a website it’s probably due to a security hole in something else rather than javascript unless they have hacked through via an IE specific javascript feature which I don’t know if it is even possible.
I wouldn’t let security issues stop you from learning Javascript, its become a integral part of the modern web.
With will ANY programming language on networked software there can be security issues! You as the programmer have to learn about the common attacks and way to counter them.
You might want to read up on Cross-Site Scripting. Note that is not unique to having Javascript on your site.
I’m talking more about some sort of virus that can be distribute via Javascript, this is pretending that the hacker has complete access to the website and can add his own code and manipulate the site as he wants, and then any user visiting this site will get infected.
Can something like this happen because of Javascript?
And yes I will stop worrying much about this type of problems and start learning more about the language it-self.
If the hacker has complete access to your website, it becomes completely irrelevant if you are using JS in your website or not. He can then change anything as he sees fit.