about Prototype JavaScript Framework?

Muhammad Saifuddin
Ranch Hand

Joined: Dec 06, 2005
Posts: 1291

hi authors,

All these threads have already discussed topics about the Prototype and Scriptaculous libraries. I want to know, for libraries of this type which are written in the JavaScript language, how secure they will be for our web application.

I mean that, by using these libraries, a developer sometimes needs to manipulate data from the database layer through these libraries.

My question is about the security aspect of using these libraries?

Thanks in Advance


Saifuddin..
David C. Crane
author
Ranch Hand

Joined: Oct 13, 2005
Posts: 59
Hi Saif,

Using Ajax, you are exposing data from the database to the user, just as you are doing so in a classic web application. It's possible to create huge security holes, but also possible to avoid them.

Golden rule: don't validate ONLY on the client. It's a matter of style, judgement and the nature of your app how much of the app logic you write on the client, but always ALWAYS re-check any important stuff on the server. It is possible to meddle around with the Javascript using tools like Firebug and Greasemonkey (which have perfectly valid uses too, I hasten to add!).

Beyond that, use common sense. Set up a Facade layer, and only expose those coarse-grained, high-level functions to the web user, never your actual domain model. (Exposing the domain model introduces architectural issues of tight coupling anyway, as well as multiplying the number of potential security risks.)

Cheers,

Dave


---
Author of...
'Ajax in Action' http://manning.com/crane
'Prototype & Scriptaculous in Action' http://manning.com/crane3
'Ajax in Practice' http://manning.com/crane2
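The two rules in Dave's reply (re-check everything on the server, and expose only a coarse-grained facade rather than the domain model) as an added example, not code from the thread or from the Prototype library. It assumes a hypothetical `transfer` endpoint that a Prototype `Ajax.Request` on the client would post to; the accounts and requests are constructed sample data.

```javascript
// Constructed sample domain model. The client never sees these objects directly.
const accounts = new Map([
  ["alice", { balance: 100 }],
  ["bob", { balance: 50 }],
]);

// Client-side validation (what the browser runs before Ajax.Request fires).
// Useful for quick feedback, but anyone with Firebug or a raw HTTP client can
// skip it entirely, so the server must not rely on it.
function clientValidate(amountText) {
  const amount = Number(amountText);
  return Number.isInteger(amount) && amount > 0;
}

// Facade: the only operation the Ajax endpoint exposes. It repeats every
// check regardless of what the client claims to have validated, and it takes
// the sender's identity from the server-side session, never from the request
// body, so a tampered request cannot move money out of someone else's account.
function transfer(session, request) {
  const amount = Number(request.amount);
  if (!Number.isInteger(amount) || amount <= 0) {
    return { ok: false, error: "invalid amount" };
  }
  const from = accounts.get(session.user); // session-bound, not request.from
  const to = accounts.get(request.to);
  if (!from || !to || from === to) {
    return { ok: false, error: "unknown account" };
  }
  if (from.balance < amount) {
    return { ok: false, error: "insufficient funds" };
  }
  from.balance -= amount;
  to.balance += amount;
  return { ok: true, balance: from.balance };
}

// Simulates a request that bypassed the browser-side check: a negative
// amount and a forged "from" field. The facade rejects it on its own.
function tamperedRequestRejected() {
  const result = transfer({ user: "bob" }, { from: "alice", to: "bob", amount: "-50" });
  return result.ok === false && accounts.get("alice").balance === 100;
}
```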