JavaScript considered harmful (was Re: New online index to Be azley's tutorials)
Michael Ströder
michael at stroeder.com
Wed Jan 9 07:12:00 EST 2002
"John W. Baxter" wrote:
>
> In article <mailman.1010531652.8777.python-list at python.org>, Delaney,
> Timothy <tdelaney at avaya.com> wrote:
>
> > My solution? Send all the data as a single Javascript string (fields
> > tab-delimited, records cr-delimited). Then a client-side JS function parsed
> > the string and produced the required HTML.
>
> Bell Atlantic demonstrated how this approach can go horribly wrong.
> They included password verification in the JavaScript, and the JS
> included the data which the password was intended to protect.
Tss, tss. I also found web apps where username and password of
mainframe backend systems were transmitted in Javascript code to the
browser. It's a wild world out there... ;-)
Ciao, Michael.
More information about the Python-list
mailing list