Wednesday 15 May 2013

php - Are javascript functions safe from being called from outside the written script?


In my travels I participated in some URL hacks and I saw some of the Dev Devs in some browsers Time to ask me to ask this question.

Are there hacks or tools that snatch javascript functions and / or allow the user to populate their own arguments and run the function?

Now it certainly does not mean that you filter a clear hole that globs global protection globally; Nor do I mean that form injection hacks are basically

Before hitting any input server script, I use a lot of XML httprequest posts and delimited strings, using php preg_match for each original post for different characters. Register Global -> Close. Although I think I am searching for things, I can adjust some functions that are safe for me.

IE .. I do not want that task to be called 1000 times in a row, as the tool is a dish, but I do not want to ruin resources when some things are safe.

Not only am I asking this for security reasons but also for asking size and optimization reasons.

I think a packet sniffer / interceptor / sender may be enabled but I'm not 100% sure. Besides, I'm not sure that the need will be as big as counting for the call To get to the length that can affect the server performance, if it can not be IE .. Monitor XML on the server.

For the context, a device that I just participated in had the ability to redirect in what is in the query in an .htaccess file. I think this is not proof of evidence and it is just a tool for many people. However it can protect against url attacks. It seems that it can reduce the load by redirection when the apache call prevents the loading of the .htaccess file to a successful catch.

So you have to first ask yourself: Where is the attacker and what is the surface of the attack? The user is always able to access all javascript, and he is free to manipulate this javascript however he likes. A user is free to block any HTTP request and modify this request, however they will. A JavaScript function that runs in the browser is not in any way, shape or form an attack surface, and it never will be. Nobody cares about that which is implementing the JS function, because it is not an abusive situation.

The real security question you have to ask yourself is: "Is your application weak?"
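What the answer implies for the server side, as an added example that is not part of the original post: since any request can be modified or replayed, the PHP handler validates the delimited POST value with an anchored allow-list `preg_match` and caps calls per client. The `id|user|date` layout, the limits and all function names are assumptions.

```php
<?php
// Added example, not code from the original post. The "id|user|date"
// layout, the limits and all function names are assumptions.
const MAX_CALLS = 20;       // assumed per-client budget
const WINDOW_SECONDS = 60;  // assumed window length

// Allow-list validation of the delimited POST value.
function parse_payload($raw): ?array
{
    // $_POST values can be arrays (data[]=x), so check the type first.
    if (!is_string($raw) || strlen($raw) > 64) {
        return null;
    }
    // \A and \z anchor the whole string; "$" would accept a trailing newline.
    $re = '/\A(\d{1,9})\|([a-z0-9_]{1,32})\|(\d{4}-\d{2}-\d{2})\z/';
    if (preg_match($re, $raw, $m) !== 1) {
        return null;
    }
    return ['id' => (int) $m[1], 'user' => $m[2], 'date' => $m[3]];
}

// Fixed-window call counter; the array stands in for a shared store.
function allow_call(array &$store, string $client, int $now): bool
{
    $window = intdiv($now, WINDOW_SECONDS);
    if (($store[$client]['window'] ?? null) !== $window) {
        $store[$client] = ['window' => $window, 'count' => 0];
    }
    $store[$client]['count']++;
    return $store[$client]['count'] <= MAX_CALLS;
}

// Returns the HTTP status the server would send.
function handle(array &$store, string $client, array $post, int $now): int
{
    if (!allow_call($store, $client, $now)) {
        return 429; // Too Many Requests
    }
    return parse_payload($post['data'] ?? null) === null ? 400 : 200;
}

// Constructed input: one valid request sent 1000 times in a row by one
// client, then an array value and a trailing-newline value from another.
$store = [];
$codes = [];
for ($i = 0; $i < 1000; $i++) {
    $codes[] = handle($store, 'client-a', ['data' => '42|alice|2013-05-15'], 1000);
}
print_r(array_count_values($codes));
var_dump(handle($store, 'client-b', ['data' => ['x']], 1000));
var_dump(handle($store, 'client-b', ['data' => "42|alice|2013-05-15\n"], 1000));
```

The client key has to come from something the server controls, such as the session or the remote address, not from a field in the request.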
