While a bit worried, I said that she might haven't heard of XSS(or CSS, cross site scripting). Probably she haven't tried few developments on the wild internet, but actually a small javascript code can override functions, even prevent a server control's default action to a new one, thru Javascript. I agree that, server side validation is powerful, but javascript is like a shoelace, that on a hand of an assassin, can even be deadly.
I have posted an article here about PRC website hacking incident. I believe it was done thru SQL Injection and XSS (by injecting script tag). Reputation of PRC website for google is laced with malicious attempts to download harmful materials.
For those who doesn't acknowledge what Javascript can do. It can even change your web application to post to a remote server and steal informations. That's a good reason to do validation, both client and server side.
0 comments:
Post a Comment