TAILIEUCHUNG - Ebook Ajax security: Part 1

(BQ) Part 2 book "Ajax security" has contents: Attacking client side storage, offline ajax applications, request origin issues, web mashups and aggregators, javascript worms, testing ajax applications, analysis of ajax frameworks.

8 Attacking Client-Side Storage

Myth: The client’s machine is a safe place to store data.

There are several security issues when Ajax applications store data on the client. Not only is client-side storage easily viewed or modified by an attacker, client-side storage methods can also leak access to these storage spaces to untrusted third parties. This can allow an attacker to remotely read all offline data stored on the client by an Ajax application. Even security-conscious developers who explicitly avoid putting sensitive data in client-side storage systems can inadvertently do so when they use client-side storage to cache data tables or trees. Only by fully understanding the access methods of each client-side storage method and implementing expiration policies and proper access control can a developer truly secure an Ajax application that utilizes client-side storage.
OVERVIEW OF CLIENT-SIDE STORAGE SYSTEMS

The client-side portions of Web applications have been hobbled from fully participating as major components of an application by four roadblocks:

• Sufficient penetration of (semi-) standards compliant browsers allowing developers to easily write cross-platform client-side programs
• Sufficient penetration of personal computers fast enough to parse and interpret large and complex client-side programs
• A means to transmit data back and forth between the client and server without interrupting the user’s experience
• A large, persistent data storage system on the client to persist the input and output of our computations between different pages

The first requirement was satisfied by time as Web standards matured and Web developers and users pressured the browser manufacturers to conform to standards. It is now far easier to write cross-browser JavaScript than in the Web dark ages of the 1990s. Moore’s Law, which states computing power doubles every 18 months, took care of the second requirement. Modern .
