Rakesh

Reputation: 5893

Iframe Security Issues

We recently had a scenario in which an iframe snippet on server A was pointing to a URL on server B. Some malware was being installed by server A on some clients. Can this iframe be the cause? As in, a hacker injected his URL in the iframe's src. What are the alternatives to iframe, etc.?

Upvotes: 1

Views: 9877

Answers (4)

Sneakyness

Reputation: 5403

Unless you're running code inside of the iFrame, which you really shouldn't be, it would be a good idea to disable that iFrame from running any code.

Upvotes: 0

EFraim

Reputation: 13028

Generally, an IFrame whose content comes from a different domain cannot access the DOM of the parent web site, due to cross-domain scripting restrictions. There were lots of bugs involving browsers not implementing such restrictions properly, so an out-of-date client browser might be the cause.

Upvotes: 2

blowdart

Reputation: 56490

If a hacker is able to change the URL an iframe points to on your site then the iframe is not the problem, your code is.

Any web site could serve up malware, but you have indicated that the hacker has attacked your site and changed the src attribute of the iframe, not the site serving the iframe contents. Even if you replaced an iframe with something else, the fact that an attacker has managed to get to the data behind your web site used to generate the page means that they could not limit themselves to iframes, but embed other tactics, such as a redirect, or a hidden link which is clicked by JavaScript, or any other type of common nasty.

Upvotes: 2
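
Added example, not part of any answer in this thread: a small audit that a site owner could run over rendered pages to spot an iframe whose `src` no longer points where it should (the situation in the question and in blowdart's answer) and frames that are still allowed to run scripts (Sneakyness's point, using the HTML `sandbox` attribute). The host name `server-b.example` and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only host this site intentionally frames (placeholder).
ALLOWED_FRAME_HOSTS = {"server-b.example"}

class IframeAuditor(HTMLParser):
    """Record a finding for each <iframe> that looks unexpected."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (src, [problem, ...])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)  # HTMLParser lowercases attribute names
        src = (attr.get("src") or "").strip()
        problems = []
        try:
            parts = urlsplit(src)
            host = (parts.hostname or "").lower()
            if parts.scheme and parts.scheme not in ("http", "https"):
                problems.append("non-http scheme: " + parts.scheme)
            elif host and host not in self.allowed:
                problems.append("unexpected host: " + host)
        except ValueError:
            problems.append("unparseable src")
        # A bare sandbox attribute blocks scripts; allow-scripts re-enables them.
        if "sandbox" not in attr:
            problems.append("no sandbox attribute")
        elif "allow-scripts" in (attr["sandbox"] or "").lower().split():
            problems.append("sandbox permits scripts")
        if problems:
            self.findings.append((src, problems))

def audit(html, allowed_hosts=ALLOWED_FRAME_HOSTS):
    auditor = IframeAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: one expected frame, one injected, one with scripts on.
SAMPLE_PAGE = """<html><body>
<iframe src="https://server-b.example/widget" sandbox></iframe>
<iframe src="//injected.example/x" width="0" height="0"></iframe>
<iframe src="/local/help.html" sandbox="allow-scripts"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, problems in audit(SAMPLE_PAGE):
        print(src, "->", "; ".join(problems))
```

A finding for an unexpected host means the page markup itself was altered, so the follow-up is to find how the attacker wrote to the page source or its backing data, not to swap the iframe for another element.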

cwap

Reputation: 11267

Most likely you experienced XSS

Upvotes: 4
