Security of Javascript

Re: Security of Javascript

In article <e9305b80.03122 30538.ccb7365@p osting.google.c om>, msbg4
@hotmail.com says...[color=blue]
> I was wondering if using Javascript to redirect a user, on the client
> side, to different pages depending on what they entered was insecure.
> I do not want the user to be able to view the source of the page.[/color]

Tough.

[color=blue]
> I
> am having the user enter in some input using the input dialog box and
> then using a window.location redirection based on their input. Is it
> possible to view the source of a page after the input box has closed
> but before the new page has loaded, ie. while the browser is
> requesting the new page?[/color]

Yes. Look in your cache.

--
Hywel I do not eat quiche

Re: Security of Javascript

In article <e9305b80.03122 30538.ccb7365@p osting.google.c om>, msbg4
@hotmail.com enlightened us with...[color=blue]
> I was wondering if using Javascript to redirect a user, on the client
> side, to different pages depending on what they entered was insecure.
> I do not want the user to be able to view the source of the page.[/color]

Well, all I have to do is turn off my javascript or look in my cache.
heh
You can try to obfuscate it, but if I want it that bad, I'll run it
through a deobfuscator.
[color=blue]
> I
> am having the user enter in some input using the input dialog box and
> then using a window.location redirection based on their input.[/color]

Then evaluate the input on the server-side and redirect from the server.
No other way is secure. If my browser can see it, so can I, no matter
what you do. If I want it, it's mine.

If you really want to be a pain, use Flash. I have to deconstruct and
reconstruct that to see the source, which is difficult and rarely worth
anyone's time. Of course, that requires a plugin, which may piss off
some users.

--
--
~kaeli~
Never mess up an apology with an excuse.