Full Disclosure mailing list archives
Re: JavaScript exploits via source code disclosure
From: "Jan G.B." <ro0ot.w00t () googlemail com>
Date: Thu, 6 May 2010 18:31:09 +0200
You may write a "proxy" that sits between your client and your internal databroker which only allows some defined methods and params? What else was the question? Regards 2010/5/6, Ed Carp <erc () pobox com>:
Just for clarification, the business wants to put client-side Javascript on a customer-facing web site, and it's my job to figure out how to protect the back-end web services...sigh... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: JavaScript exploits via source code disclosure, (continued)
- Re: JavaScript exploits via source code disclosure Nick FitzGerald (May 06)
- Re: JavaScript exploits via source code disclosure Ed Carp (May 06)
- Re: JavaScript exploits via source code disclosure Valdis . Kletnieks (May 06)
- Re: JavaScript exploits via source code disclosure PsychoBilly (May 06)
- Re: JavaScript exploits via source code disclosure Marsh Ray (May 06)
- Re: JavaScript exploits via source code disclosure PsychoBilly (May 06)
- Re: JavaScript exploits via source code disclosure Marsh Ray (May 06)
- Re: JavaScript exploits via source code disclosure Christian Sciberras (May 06)
- Re: JavaScript exploits via source code disclosure Nick FitzGerald (May 06)
- Re: JavaScript exploits via source code disclosure Christian Sciberras (May 06)
- Re: JavaScript exploits via source code disclosure T Biehn (May 06)