Tagged Questions
0
votes
2 answers
54 views
Securing client->database game
OK, I am creating a game using JavaScript and HTML5. The variables such as map, x, y, level, exp, etc are stored in JavaScript to keep track. On my client page, the JavaScript variables are stored to ...
1
vote
2 answers
58 views
Provide a URL to a CouchDB document attachment without giving the username/password?
I posted this question on DBA, but it got closed and was never reopened even after I rewrote the whole thing to be more specific. I think it's more appropriate for programmers anyway :)
Background ...
5
votes
1 answer
123 views
Means for (legit) cross-site scripting
Are there good means for allowing scripts from two or more domains to collaborate in the same browser page? I want to create an extensible platform, where I provide the model and some views, but also ...
0
votes
1 answer
150 views
Why hasn't Caja been popular?
Google released Caja around 2008 (Capability JavaScript). It is still mainly a laboratory language. But XSS and other attacks would be prevented if there was widespread integration of Caja.
-2
votes
1 answer
101 views
How is JavaScript insecure, and what are the main methods used to deal with that?
I just read about Caja, which is a "sanitized" version of JavaScript. But I'm wondering - what is the big problem with JavaScript (it seems so widely used)? Just how dangerous is it?
11
votes
8 answers
2k views
Why almost no webpages hash passwords in the client before submitting (and hashing them again on the server), as to “protect” against password reuse?
Relevant XKCD
There are many sites on the Internet that require login information, and the only way to protect against password reusing is the "promise" that the passwords are hashed on the server, ...
4
votes
6 answers
1k views
How secure is localstorage?
The question says it all really. I want to provide a service but I do not want to store any of the data myself in a database. With all the recent news of hacking etc it seems to me that it is nicer ...
1
vote
1 answer
697 views
How to generate nonce for Ajax web requests
As many of you know WordPress uses "secret key" like thing for every AJAX request. Making each request unique and also 'somewhat' secure (just a step ahead than nothing). How would I implement the ...
0
votes
2 answers
114 views
Why don't browsers have the ability to differentiate between events triggered via input devices and scripts ex: element.onEvent()?
Why don't browsers have the ability to differentiate between events triggered via input devices and scripts ex: element.onEvent()? Wouldn't this be a very simple way to counterattack web spam bots? Or ...