Tagged Questions
6
votes
2answers
65 views
Making a Same Domain iframe Secure
tl;dr Can I execute un-trusted scripts on an iframe safely?
Back story:
I'm trying to make secure JSONP requests. A lot of older browsers do not support Web Workers which means that the current ...
2
votes
3answers
72 views
how to secure my javascript client in which users will fill their passwords
How I have a basic javascript registration form which sends the password that an user has filled to a secure axis2 web service (which stores the salted hash of the password in a database).
Mu ...
0
votes
0answers
38 views
How to hide victim pop-up in clickjacking?
I am testing a web application for click-jacking vulnerability. The attack works fine for single clicks, however i am trying to delete a file and the hidden frame (victim) throws a pop-up ...
-1
votes
1answer
45 views
Client browser identity using javascript
I have a specific case for my application. I need a unique identity from every client device that accesses my application.A server generated sessionID is not going to help me.
I dont want to rely on ...
1
vote
1answer
47 views
How to know the exact time a user submitted a form
We're building an online test with individually timed questions. The questions are a series of forms which the users must complete within a pre-determined number of seconds. Although the users will ...
0
votes
4answers
156 views
Encryption of the link address <a href="http://www.mycompany.com> so it does not appear in source view on IE toolbar
This is probably a simple question but I can't seem to find what I am looking for on the web so here it goes. I have a link on my company INTRAnet site that senior management does not want the ...
0
votes
1answer
102 views
Should my jquery code be visible to everyone
I know I can't hide it. But I just want to be sure that I am doing this thing right.
I have a master view where I render a few partial views:
@{
ViewBag.Title = "Index";
}
...
...
0
votes
2answers
63 views
PHP: <script> tag echoed from $_POST is mysteriously blocked
I'm trying to test information I learned regarding PHP security. I have a simple HTML5 page with a POST form and a single textarea input, where I input the following JS code:
<script>var x = 5; ...
-1
votes
2answers
111 views
How to prevent a web based game from being hacked? [closed]
I need to build a web based (html/js) game where the user earns/scores points. At the end of the game, the user enters their details on a form and it, along with their score, are submitted to the ...
3
votes
2answers
105 views
Can the source of a JavaScript file loaded into a web-page via a <script> tag be read by other JavaScript in that page?
I'm looking at CSRF prevention, and I have a question about a GET URL that returns JSON, and whether or not the data returned by that URL could be accessed via a third-party web-page.
For example, ...
0
votes
2answers
263 views
Anti-Captcha Using Mouse detection
I want to know if it is possible to create a secure human detection mechanism (not using captcha) for a form with just javascript to detect mouse movement since jquery nor operating system code can ...
0
votes
1answer
79 views
Javascript how to hide Consumer Key and Sercret in WebApp?
I am building a webapp which is supported by Parse as the backend. When using Parse, I have to add Consumer key and secret to every request. As we know, if we use Parse in iOS or Android App, it is ok ...
2
votes
6answers
481 views
Preventing bot form submission
I'm trying to figure out a good way to prevent bots from submitting my form, while keeping the process simple. I've read several great ideas, but I thought about adding a confirm option when the form ...
0
votes
2answers
88 views
Best practices for hashing a password without using SSL
I know this question sounds like it might already be answered but stay with me. I have a website that needs users to sign up and log in. In this process, lets take sign up the user would provide a ...
0
votes
2answers
85 views
Guidance on Database Access best practices
I have recently inherited control of a web application (primarily PHP, but also a good chunk of JavaScript) at my workplace. One of my top priorities is to make sure that the application is secure. ...
0
votes
3answers
123 views
How can I secure my website from injections (Cookie editing)
I'm using cookies in my Java EE application (jQuery on the client) and while taking security as a key point, I came to know that one can read the cookies and edit them by reading article's. I'm really ...
1
vote
1answer
108 views
Unsafe JavaScript attempt to access with frame
when i using Iframe and try to access different URL(same domain) into iframe, Am getting an error - Unsafe JavaScript attempt to access frame
Error - Unsafe JavaScript attempt to access frame with ...
1
vote
1answer
83 views
Role Based Security in JavaScript in RIA
I'm trying to learn the development of Web Applications in JavaScript, and for this I am developing a simple Time Tracking application. I am developing this with ExtJS for dynamically creating the UI.
...
1
vote
2answers
52 views
what happens in asynchronous loading of webapps if some script delete the previously loaded or included scripts?
the question is:
what happens in asynchronous loading of webapps if some script delete the previously loaded or included scripts?
Let have several scripts included:
<script src="Squel.js" ...
1
vote
3answers
116 views
How to securely send content from non-secure page to a secure URL?
I have a JavaScript snippet that is aimed to be embedded into any webpage. This snippet loads a form into the page it's embedded in. The snippet then sends the form data to a secure URL. Here is the ...
0
votes
5answers
99 views
Ajax calls and securing .js file information
Not so much a programming language... I'm building a website with many jQuery Ajax calls, not just to load data but also to perform many actions in my website, including admin specific actions like ...
0
votes
1answer
30 views
javascript error whithin iframe
i have this error while running a html file in chrome
iframe Unsafe JavaScript attempt to access frame with URL http://my_server.com/param from frame with URL ...
2
votes
2answers
281 views
prevent saving/downloading web page
I was wondering if there was a way to prevent a user from saving/downloading a web page? And by preventing I guess I mean not letting them have access to the data displayed through my web application ...
2
votes
0answers
49 views
Non-standard Javascript hashing routine? [closed]
We're looking into having browser to do some JS calculations to "prove it's a real browser" against all the DDOS attacks.
I'd like to have JS to do some hash calculations or similar. This code is ...
0
votes
0answers
27 views
Can you make a javascript sandbox that is secure enough to allow safe execution of arbitrary code? [duplicate]
Possible Duplicate:
Allow javascript in php form and avoid hacking like JsFiddle
I've got an interesting project that I'd like to make happen, however it would involve people uploading ...
0
votes
2answers
171 views
How to enforce single page web app security?
For example I am writing a web app using AngularJS, and it stores confidential information for the user like their credit card number.
I am thinking what are some of the security protocols I should ...
0
votes
0answers
26 views
Sourcing a non-secure script from a secure page
I have a secure page that needs to call the Yelp JSONP API. The only problem is that Yelp's servers aren't configured to support SSL so the request must be done over regular HTTP.
Is there any way at ...
0
votes
1answer
53 views
Geolocation Security - Alternatives or Solutions [closed]
HTML 5's Geolocation is a great tool, however what annoys me is that allow message that gets displayed to permit location identification, i don't want that to get displayed to my website users, since ...
0
votes
2answers
59 views
Is it possible to modify server reply on transit
I am building a javascript library that will allow authentication to server using SRP-6 protocol.
I know using javascript as an authentication method is not the best option due to XSS. But proper XSS ...
1
vote
0answers
104 views
Access denied to new window which was created from https page in ie9
I'm trying to create a new window in Internet Explorer 9 from a page with HTTPS connection. I want to paste the new HTML contents from an AJAX callback to the popup like this:
var popup = ...
Related Tags
security × 32html × 16
php × 14
jquery × 11
xss × 9
json × 7
html5 × 7
asp.net × 6
ajax × 6
iframe × 6
passwords × 4
firefox × 4
cross-domain × 4
csrf × 4
internet-explorer × 3
web-applications × 3
browser-security × 3
hash × 3
hacking × 3
java × 3
google-chrome-extension × 2canvas × 2
csrf-protection × 2
bots × 2
asp.net-mvc-3 × 2
