Javascript security

Discussion in 'Programming' started by qlithe, Apr 24, 2017.

  1. qlithe

    Hey!

    I'm currently developing a site in pure jQuery, PHP, MySQL.

    I've done all I can think of when it comes to security when it comes to PHP/MySQL, but this is actually the first time that I'm using JavaScript. What should I keep in mind to make my site as protected as possible?

    Any answer is appreciated
     
  2. iomatt

    JavaScript loads directly in the browser of the visitor, so there is not a lot to do in terms of security; just be sure your code is protected against XSS and cross-site request forgery.
     
  3. qlithe

    Yes, but what I'm most concerned about is my ajax functions. I use global functions with ajax calls inside, and they can easily be run from the console, for example. Can't the user just put the function in an infinite loop and easily create a DDoS attack? How am I supposed to protect myself from this?
     
  4. iomatt

    A good way to protect your website against abuse from Ajax calls would be to implement a server-side solution that limits requests based on user IP address and number of requests per minute, for example.
     
  5. qlithe

    But how do I protect my ajax functions from being abused like this?
    Code:
    while (true) {
        myajaxfunction();
    }
     
  6. AneaKr

    You could request a token from the server each time a request is made. But beyond this, the previous response by @iomatt (a server-side script that limits the amount of requests) should be more than enough. I wouldn't worry too much in this case.
     
    • Thanks x 1
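
The server-side limit suggested in the replies above (requests per minute per IP address), as an added example that is not code from any poster in this thread. The `RateLimiter` class, the limit of 60 per minute and the sample addresses are assumptions, and the code needs PHP 8.

```php
<?php
declare(strict_types=1);

// Sliding-window limiter: at most $limit requests per $window seconds per client key.
// Hypothetical class; the in-memory array stands in for a shared store (a MySQL table,
// Redis, APCu), because PHP keeps no state between requests.
final class RateLimiter
{
    /** @var array<string, float[]> request timestamps per client key */
    private array $hits = [];

    public function __construct(private int $limit = 60, private float $window = 60.0) {}

    /** Returns 0 if the request is allowed, else seconds to wait (for Retry-After). */
    public function check(string $key, float $now): int
    {
        // Drop timestamps that have fallen out of the window.
        $recent = array_values(array_filter(
            $this->hits[$key] ?? [],
            fn(float $t): bool => $t > $now - $this->window
        ));
        if (count($recent) >= $this->limit) {
            $this->hits[$key] = $recent;   // rejected requests are not recorded
            return max(1, (int) ceil($recent[0] + $this->window - $now));
        }
        $recent[] = $now;
        $this->hits[$key] = $recent;
        return 0;
    }
}

// What the Ajax endpoint would do first, before touching the database:
//   $wait = $limiter->check($_SERVER['REMOTE_ADDR'], microtime(true));
//   if ($wait > 0) { http_response_code(429); header("Retry-After: $wait"); exit; }

// Constructed simulation: one client calls the endpoint in a tight loop
// (5 requests per second for 30 seconds); a second client sends one request meanwhile.
$limiter = new RateLimiter(limit: 60, window: 60.0);
$allowed = $rejected = 0;
for ($i = 0; $i < 150; $i++) {
    $limiter->check('203.0.113.7', 1000.0 + $i * 0.2) === 0 ? $allowed++ : $rejected++;
}
$other = $limiter->check('198.51.100.9', 1015.0);

echo "looping client: allowed=$allowed rejected=$rejected\n";
echo "other client wait: {$other}s\n";
```

Behind a reverse proxy, `REMOTE_ADDR` is the proxy's address, so the key has to come from a header that the trusted proxy sets itself rather than from a client-supplied `X-Forwarded-For`. For logged-in users, keying on the session or account as well keeps one shared IP address from exhausting the limit for everyone behind it.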
  7. dbanjo

    What is pure jQuery, PHP, MySQL?
     
  8. bl4cksta

    You can use OAuth on your API endpoints which are called by ajax. For more security, you need to code JS on the server side.