Simple Machines Blogs > Developers' Blog
jQuery FTW!
Fustrate:
You should never depend on client-side code for security. Always assume that anything the user can touch is insecure and has been altered maliciously.
That being said, using jQuery over regular JavaScript doesn't add any security holes to your server. You have to have bad server-side code running, and even then you can exploit the same holes in that server-side code with plain old JavaScript.
GravuTrad:
Being dependent on other software is always one more security risk, and more so with more dependencies. That's why unknown wouldn't use 3rd-party code...
Joshua Dickerson:
Everything is a security risk. There is a risk in everything you do. You risk breaking your ankle by taking a step forward, does that stop you from walking?
emanuele:
You are relying on the Linux kernel (or the Windows one), on the particular distribution you are using (or the particular version of Windows), then on Apache, MySQL/PostgreSQL/SQLite, PHP... am I missing anything? Any of those has for sure (something is there, not yet discovered, but it's there) a more problematic (being server side) security hole than any bug jQuery can have. ;)
IMHO of course.
AngelinaBelle:
I think the issue is that jQuery gives you tools that, if you are not careful, you can really open yourself up to XSS attacks which are fired off when a user on your site clicks a malicious link -- on your site. Which is easy to arrange if your site is a forum (or GMail, which is where the vulnerability was first discovered). The malicious site has access to the user's session cookie because it is accessed through the same browser session. It can send an HTTP request for JSON data to your site, that only the victim should be able to use. Like the victim's contact list. Anything the website can serve up can be captured and parsed. Pure JSON-formatted files are especially vulnerable. Since there have been requests for more AJAXy kind of stuff in the future, this could be relevant. The malicious website JavaScript can then do many things with that data -- email it to a bad guy, for example.
http://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/
http://insecureweb.com/javascript/secure-your-ajax-request-with-jquery/
The exploit's discoverer gives 3 ways to combat this type of attack, but discovers there are ways around at least 2 of them.
http://jeremiahgrossman.blogspot.com/2006/01/advanced-web-attack-techniques-using.html
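
Added example, not part of any post in this thread and not SMF or jQuery code: a server-side guard for a JSON endpoint such as the contact list mentioned above, which refuses requests that carry only the session cookie. The origin, secret, header name `x-csrf-token` and the functions `tokenFor` and `guardJson` are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed deployment values (hypothetical, constructed for this example).
const SITE_ORIGIN = 'https://forum.example';
const SERVER_SECRET = 'constructed-demo-secret';

// Token derived from the session id. The site embeds it in its own pages;
// a page on another origin cannot read it, so it cannot send it back.
function tokenFor(sessionId) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(sessionId).digest('hex');
}

// Constant-time comparison; timingSafeEqual needs equal-length buffers.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req: { headers: {lower-case names}, sessionId: string|null }
// Returns the response the endpoint should send for `data`.
function guardJson(req, data) {
  // The cookie identifies the user, but it is attached to cross-site
  // requests too, so it is never sufficient on its own.
  if (!req.sessionId) return { status: 401, body: '' };

  // If the browser states an origin, it must be this site.
  const origin = req.headers['origin'];
  if (origin !== undefined && origin !== SITE_ORIGIN) {
    return { status: 403, body: '' };
  }

  // Require the per-session token in a custom request header.
  const sent = req.headers['x-csrf-token'] || '';
  if (!safeEqual(sent, tokenFor(req.sessionId))) {
    return { status: 403, body: '' };
  }

  // Wrap the payload in an object so the body is never a bare top-level array.
  return {
    status: 200,
    headers: { 'content-type': 'application/json', 'x-content-type-options': 'nosniff' },
    body: JSON.stringify({ data }),
  };
}
```

The decision is made entirely on the server, so it holds whether the client used jQuery, plain JavaScript or no script at all.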