Reputation: 9581
How much can someone modify JavaScript to intercept the POST parameters to hack or misplay

    function search(tableEvent)
    {
        clearResults();
        // Show the loading indicator while the search runs
        document.getElementById('loading').style.display = 'block';
        // The ${param.*} placeholders are filled in by the server when the page is rendered
        var params = 'formAction=SearchInterviewNomineesCent';
        params += '&reqNo=${param.reqNo}';
        params += '&reqSeq=${param.reqSeq}';
        params += '&reqClass=${param.reqClass}';
        params += '&reqYear=${param.reqYear}';
        params += '&relatedReqYear=${param.relatedReqYear}';
        params += '&relatedReqSeq=${param.relatedReqSeq}';
        params += '&relatedReqNo=${param.relatedReqNo}';
        params += '&relatedReqClass=${param.relatedReqClass}';
        params += '&tableEvent=' + tableEvent;
        // POST the assembled parameters to the Controller, then refresh the table
        createXmlHttpObject();
        sendRequestPost(http_request, 'Controller', false, params);
        prepareUpdateTableContents();
    }

I am using Java MVC and am curious: can someone edit the JavaScript for the above code to get a different search result by modifying search criteria like reqNo and reqSeq?
UPDATE: I mean here an organization with a local network, so the attack would be from some employee who has access to the system.
Upvotes: 0
Views: 102
Reputation: 5264
First of all, anyone can edit any JavaScript you see in the browser. They can manipulate values and what it sends to the server. Furthermore, they could simply write their own code to post to your URL. It isn't on the client side that you will make your system secure but on the server side.
Upvotes: 6
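What a server-side check for the question's search request can look like, as an added example that is not part of the original posts: the controller strictly validates `reqNo` and `reqSeq` and compares them with what the authenticated session user is allowed to see. The class name, the `ACL` table, the helper methods and the user names are hypothetical and constructed for illustration.

```java
import java.util.Map;
import java.util.Set;

// Added example; RequisitionAccess, ACL, parseId and authorize are hypothetical names.
public class RequisitionAccess {

    // Constructed sample data: requisition numbers each user may search.
    // In a real application this comes from the database and is keyed by the
    // authenticated session user, never by anything sent in the request.
    private static final Map<String, Set<Integer>> ACL = Map.of(
            "alice", Set.of(1001, 1002),
            "bob", Set.of(2001));

    /** Parses a numeric parameter strictly; rejects missing or malformed values. */
    static int parseId(Map<String, String> params, String name) {
        String raw = params.get(name);
        if (raw == null || !raw.matches("\\d{1,9}")) {
            throw new IllegalArgumentException("invalid parameter: " + name);
        }
        return Integer.parseInt(raw);
    }

    /** Returns true only if the session user may search the requested requisition. */
    static boolean authorize(String sessionUser, Map<String, String> params) {
        if (sessionUser == null) {
            return false; // no authenticated session, no search
        }
        int reqNo;
        try {
            reqNo = parseId(params, "reqNo");
            parseId(params, "reqSeq"); // validated even though the ACL is keyed on reqNo
        } catch (IllegalArgumentException e) {
            return false; // malformed input is treated as a denied request
        }
        return ACL.getOrDefault(sessionUser, Set.of()).contains(reqNo);
    }

    public static void main(String[] args) {
        // Request as the page's script would send it for alice.
        System.out.println(authorize("alice", Map.of("reqNo", "1001", "reqSeq", "1")));
        // Same user, reqNo edited in the browser to a requisition alice may not see.
        System.out.println(authorize("alice", Map.of("reqNo", "2001", "reqSeq", "1")));
        // Malformed value sent by hand-written client code.
        System.out.println(authorize("alice", Map.of("reqNo", "12abc", "reqSeq", "1")));
    }
}
```

Because the decision depends only on the session identity and server-held data, editing the script or posting directly to the URL changes nothing about which records come back.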