There are many possibilities to extend the functionality or interactivity of a browser. In the previous section, we saw that helper applications and plugins provide an immediate solution. Similarly, there are some full-fledged programming languages that can be used to implement programs that are executed on the client side. The most important programming language in use today is Java. It can be used to implement Java applets that are executed in a browser's Java virtual machine (JVM). Unfortunately, the capabilities of most programming languages can only be exploited by technically skilled programmers. The creation of Java applets from scratch, for example, is beyond the capabilities of many Webmasters. Also, a full-blown Java applet is overkill for most applications. If a Webmaster only needs to verify that the value typed in by a
The security of a scripting language primarily depends on the power of its commands or
The most serious threats of scripting languages are related to DoS attacks and privacy violations:
As mentioned above, scripting languages can be used to do many things that are
Because scripting language code runs inside a browser, it
More worrisome, scripting languages can be used to mount electronic versions of social engineering attacks.
password = prompt("You have lost your dial-up connection.\nPlease reenter your password","");
</SCRIPT>
It is possible and very likely that many users type in their passwords if such a window pops up on the screen.
onMouseover="window.status='http://www.realshop.com'; return true">here</A> to enter the real shop.
Obviously, the two technologies (and many others) can be combined to maliciously mislead users at will.
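Both lures leave recognizable traces in a page's markup, so a content filter or review script can flag them before a user sees them. The scanner below is an added example, not code from the original text: it reports anchors whose onMouseover status-bar text names a different host than the HREF, and prompt() dialogs whose text asks for a password. The class and function names, the keyword list and the www.fakeshop.example host are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

STATUS_RE = re.compile(r"window\.status\s*=\s*['\"]([^'\"]+)['\"]", re.I)
PROMPT_RE = re.compile(r"\bprompt\s*\(\s*(['\"])(.*?)\1", re.I | re.S)
CRED_RE = re.compile(r"passw(?:or)?d|passphrase", re.I)  # assumed keyword list

class LureScanner(HTMLParser):
    """Flags status-bar spoofing and credential prompts in a page."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}      # names arrive lowercased
        self._in_script = self._in_script or tag == "script"
        for name, value in a.items():           # inline on* handlers
            if name.startswith("on"):
                self._check_prompt(value)
        m = STATUS_RE.search(a.get("onmouseover", ""))
        if tag == "a" and m and "href" in a:
            shown = urlparse(m.group(1)).hostname
            real = urlparse(a["href"]).hostname
            if shown and real and shown != real:  # status bar hides real target
                self.findings.append(("status-spoof", shown, real))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._check_prompt(data)

    def _check_prompt(self, code):
        for m in PROMPT_RE.finditer(code):
            if CRED_RE.search(m.group(2)):      # dialog text asks for a secret
                self.findings.append(("credential-prompt", m.group(2)))

def scan(html):
    scanner = LureScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample built from the two fragments above; the HREF host is a placeholder.
SUSPECT = r'''<SCRIPT>password = prompt("You have lost your dial-up connection.\nPlease reenter your password","");</SCRIPT>
<A HREF="http://www.fakeshop.example/" onMouseover="window.status='http://www.realshop.com'; return true">here</A>'''
```

Calling scan(SUSPECT) returns one credential-prompt finding and one status-spoof finding; a link whose status text and HREF share a host is not reported.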
Note that there are PostScript commands to
 Server-side scripting languages and their security implications are addressed in Chapter 11.
VBScript is a