Chapter 8. The Sandbox and Beyond: Cookies, Connectivity, and Piracy


JavaScript achieved its early popularity in part because of the assurances of the language's safety. After all, JavaScript in browsers operates within a sandbox: a protective environment that stringently restricts access to the client's machine. There are no mechanisms to open or create files; the language operates within a temporary environment, which is discarded as soon as the browser terminates or a web page is exited; if data is transmitted, the user is informed; and so on.

We learned over time that there is no way to completely protect client machines, not when there are determined hackers ready to exploit even the smallest openings in the browser or the language. The only way to prevent this type of access entirely is to close off the client machine from the browser completely, which makes the browser less than useful. After all, some of the more popular features of browsers are bookmarks, plug-ins and extensions, and remembering URLs and form-field entries. All of these require putting something on the client's machine; many require the use of cookies.

Cookies: hate them, love them. Cookies are small pieces of data stored on the client, keyed by information provided by the server, that allow JavaScript developers to persist information either during a session (until the browser is closed) or between sessions (separate web accesses). The original concept was that only requests to read or write cookies associated with the web page's own domain would be given access, and therefore the information would be secure. Based on this premise, JavaScript was used to persist anything from a person's login name and password to shopping-cart contents. There's rarely a commercial site you can visit on the Web nowadays that doesn't have some form of cookie implemented, whether you want it or not.

Over time, breaks in the security of cookies, as well as concerns about privacy, have tarnished the reputation of JavaScript cookies. Concerns about privacy in particular have led more people to turn off cookie support in their browsers. Still, cookies are very popular and, if not abused, very helpful.
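To make the session-versus-persistent distinction above concrete, here is an added example (not code from the book) of the two halves of cookie handling that client-side JavaScript actually does: building the string assigned to `document.cookie`, and parsing the string read back from it. The function names `buildCookieString` and `parseCookieString` and the options object are this example's own, not a browser or library API.

```javascript
// Added example: cookie helpers for the browser's document.cookie interface.
// A cookie with no "expires" attribute lives only for the current session;
// one with "expires" persists across sessions until that date.

// Build the "name=value; attr; attr=..." string that document.cookie accepts.
// opts.days: lifetime in days (omit for a session cookie); opts.now: clock
// value for deterministic tests (defaults to Date.now()).
function buildCookieString(name, value, opts = {}) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) {
    throw new Error('invalid cookie name: ' + name);
  }
  // Percent-encode the value so separators (";", "=", ",") inside it cannot
  // split the cookie or smuggle extra attributes into it.
  const parts = [name + '=' + encodeURIComponent(value)];
  if (opts.days !== undefined) {
    const now = opts.now !== undefined ? opts.now : Date.now();
    const expires = new Date(now + opts.days * 24 * 60 * 60 * 1000);
    parts.push('expires=' + expires.toUTCString());
  }
  parts.push('path=' + (opts.path || '/'));
  // Secure keeps the cookie off plain-HTTP requests; SameSite limits which
  // cross-site requests carry it. Both are only set when asked for.
  if (opts.secure) parts.push('secure');
  if (opts.sameSite) parts.push('samesite=' + opts.sameSite);
  return parts.join('; ');
}

// Parse what document.cookie returns ("a=1; b=2") into a plain object.
// Cookies the server flagged HttpOnly never show up in document.cookie, which
// is what keeps them out of reach of injected script.
function parseCookieString(cookieString) {
  const cookies = {};
  for (const pair of cookieString.split(';')) {
    const trimmed = pair.trim();
    if (!trimmed) continue;
    const eq = trimmed.indexOf('=');
    const key = eq === -1 ? trimmed : trimmed.slice(0, eq);
    const raw = eq === -1 ? '' : trimmed.slice(eq + 1);
    try {
      cookies[key] = decodeURIComponent(raw);
    } catch (e) {
      cookies[key] = raw; // malformed percent-encoding: keep the raw value
    }
  }
  return cookies;
}

// In a browser:
//   document.cookie = buildCookieString('cart', 'id=42;qty=3', { days: 7, secure: true, sameSite: 'Lax' });
//   const { cart } = parseCookieString(document.cookie); // "id=42;qty=3"
```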

This chapter explores the JavaScript sandbox and the restrictions built into the language to prevent malicious activity. We'll also look at how cookies work within this environment, and some alternative cookie implementations using plug-ins and browser extensions.

Finally, we'll look at cross-site scripting (XSS) attacks, where modern-day pirates sail the Internet rather than the oceans, stealing sensitive data rather than gold and jewels. Arggh.




Learning JavaScript, 2nd Edition
ISBN: 0596521871
Year: 2006
Pages: 151