java script security problem?
-
hi i want to use java script files to store data in client computer like google's gmail mechanism for auto complete and speed matter. but i don't know how i can hide this file(which containes user data) from hackers just like gmail(i can't find gmail data in my computer and i can't save gmail page correctly to see my data stored in some files!) how gmail does it? and how i can prevent jscript file saving request from user? i'm wating thanks
-
hi i want to use java script files to store data in client computer like google's gmail mechanism for auto complete and speed matter. but i don't know how i can hide this file(which containes user data) from hackers just like gmail(i can't find gmail data in my computer and i can't save gmail page correctly to see my data stored in some files!) how gmail does it? and how i can prevent jscript file saving request from user? i'm wating thanks
Actually, that isn't the way it works. Gmail stores the user data on their end and passes it along with the web page. Javascript can't store data on the client's computer. It can if you run the script locally, but the activeX component which does it is disabled if you run it off a web server (this is a security measure Microsoft put in place). What I would do is create a database of user information on your site and pass the necessary information in as metadata with the page. It is much more secure and a whole lot easier to deal with. Besides, the user can get his/her information on your site without having to be on the same computer each time.
-
hi JKroschel thanx to your reply i have a sample that shows how javascript files can store data on clinet computer(data can be stored in array structure and can be retrived in html pages by refrencing array).this sample works great and excactly like gmail's address book match finder script.if u want i can send this sample to u.but my problem is that i can't find out how gmail hides user data(js files) from unauthorized users in clineet computer. i become so glad to talk on this subject to u. bye
JKroschel wrote: Actually, that isn't the way it works. Gmail stores the user data on their end and passes it along with the web page. I agree. It may seem very fast because it uses xmlhttprequest to get the data from the server, without reloading the page, with javascript. Read up on the newly coined phrase "AJAX". or try this one: http://www.softwareas.com/ajax-patterns
...think concepts, teach to learn...
-
Actually, that isn't the way it works. Gmail stores the user data on their end and passes it along with the web page. Javascript can't store data on the client's computer. It can if you run the script locally, but the activeX component which does it is disabled if you run it off a web server (this is a security measure Microsoft put in place). What I would do is create a database of user information on your site and pass the necessary information in as metadata with the page. It is much more secure and a whole lot easier to deal with. Besides, the user can get his/her information on your site without having to be on the same computer each time.
hi JKroschel thanx to your reply i have a sample that shows how javascript files can store data on clinet computer(data can be stored in array structure and can be retrived in html pages by refrencing array).this sample works great and excactly like gmail's address book match finder script.if u want i can send this sample to u.but my problem is that i can't find out how gmail hides user data(js files) from unauthorized users in clineet computer. i become so glad to talk on this subject to u. bye
-
hi JKroschel thanx to your reply i have a sample that shows how javascript files can store data on clinet computer(data can be stored in array structure and can be retrived in html pages by refrencing array).this sample works great and excactly like gmail's address book match finder script.if u want i can send this sample to u.but my problem is that i can't find out how gmail hides user data(js files) from unauthorized users in clineet computer. i become so glad to talk on this subject to u. bye
I guess I stand corrected. I'd love to see the code that can do that...Could you post it? In any case, it will still be more efficient if you store the users' data on your server so the user can work with his or her information on multiple computers. This is also more secure because then you don't need to worry about other people getting access to someone else's information, which sounds like the problem you are trying to fix.
-
I guess I stand corrected. I'd love to see the code that can do that...Could you post it? In any case, it will still be more efficient if you store the users' data on your server so the user can work with his or her information on multiple computers. This is also more secure because then you don't need to worry about other people getting access to someone else's information, which sounds like the problem you are trying to fix.
hi i will post my sample to your mail to see what i mean. thanks
-
I guess I stand corrected. I'd love to see the code that can do that...Could you post it? In any case, it will still be more efficient if you store the users' data on your server so the user can work with his or her information on multiple computers. This is also more secure because then you don't need to worry about other people getting access to someone else's information, which sounds like the problem you are trying to fix.
hi i will post my sample to your mail to see what i mean. my mail is hassan.azizi@gmail.com ,pls send your mail address to me. thanks