I dont think this is the right spot for this but it is theory so here it goes
I been hearing some stuff and have seen a few pages talking about developers trying to get js and php to run more closely and i think this is a bad idea for security reasons. Imagine if js was developed to use and/or read php variables. That would mean any type of xss attack could read variables and output them to the attacker and the admin would not have much of a chance of noticing it. Also for big open source projects where all variables can easily be looked up by checking the souce this could be a huge problem for example an attacker could document.write($DbPassword) and have the mysql details of the site.
Also if developers used php variables in javascript and someone edited the html source there could be all sorts of manipulation problems/authentication bypasses and more problems of gaining passwords and usernames.
Has anyone else been hearing/seeing about these two languages merging more closely and/or thought of the security consequences of such an action.
js and php intertwine
Moderator: General Moderators
-
thegreatone2176
- Forum Contributor
- Posts: 102
- Joined: Sun Jul 11, 2004 1:27 pm
- CoderGoblin
- DevNet Resident
- Posts: 1425
- Joined: Tue Mar 16, 2004 10:03 am
- Location: Aachen, Germany
One link:
Sitepoint Article
I seem to remember seeing another link somewhere on these forums the other day but cannot remember where unfortunately. Security with this kind of processing is a potential problem at the moment.
Sitepoint Article
I seem to remember seeing another link somewhere on these forums the other day but cannot remember where unfortunately. Security with this kind of processing is a potential problem at the moment.