Javascript and PHP study guide.. HELPP!

[MarlboroMan]

---

bad coding results in security issues... ive made website before 80% JS 20% php... js cookie management is better than server side scripting, js browser and client detection is much better than server side scripting, js are more effective in preventing security issues in user level since the breach will start at user level...

the main problem with js is cross-site scripting, but most modern browser blocks that kind of request... content leaching? can be solved with proper coding

server side scripting executes what it passed sa iyaha... while ang JS can run in background and intercept the event...

daghan na desktop application nag dagan using javascript or one of its components
- Mozilla Firefox
- Seamonkey
- Chrome
- Mozilla Thunderbird
- Safari
- KomodoEdit
- Dreamweaver

kindly explain daw ngano hugot ang security sa client side(JS) kysa server side (php)?

[cutterpillow20]

Allstar kaau.. discuss lang mu mga bossing maminaw ko.. maka kat.on jud mi sa inu.
Oo, explain daw g pangutana ni marlboroman mga boss.

Godbless!

[boang3000]

murag OT na ko, unsay gamit ninyo na framework ani bai?

jquery/mootools ko boss

it was necessary since i dont do flash... so i end up js... bag-o lang ko na senior if we follow corporate settings based experienced...

mga pila sd ka yrs experience? layo2 pako guro da. nkatry na sd kag html5?

bro ask ako migo unsa mga libraries gamit nimo sa imong gibuhat.

library? sa jquery og mootools naa ra dri sa google https://developers.google.com/speed/libraries/

[salbahis]

kindly explain daw ngano hugot ang security sa client side(JS) kysa server side (php)?

did i say hugot ang security sa JS? i dont think so, i just pointed that in client level it is much easier to prevent security since most modern browser and OS are adopting security measure to limit any CLIENT LEVEL scripting, where as SERVER LEVEL cant since it resides on the server and the only way to secure is through the server... since client scripting have been source of various worms thats why client scripting have been capped and limited remember i love you virus is a form of client scripting since it uses VBS... most of the times if you NOT are being carefull in coding server script... pwede na ma injectkan ug any malicious code.... can AV and FW stop it? no.. they cant...

you have consider where the script resides to see which is much secure.... client side naay mga AV ug FW, sa server unsa man naa?

security of the server lies how the host secures it, but the client user however cant... server script cant access local resources and information, only JS can and its being limited or restricted already

unless you are using IE6 then i say server level is secure...

btw my argument evolves around security of the user not security of the site... i hope you dont misunderstood it...

mga pila sd ka yrs experience? layo2 pako guro da. nkatry na sd kag html5?

professionally as a web developer (note i based corporate experienced minus freelancing), ive been working already for 5 years, where as a freelance i starting wayback at college that time ASP and VB pako thats like 2002..., ever since HTML5 started mao nana ako gi adopt nga, inluding responsive layout, a dynamic framework (content is the king)


advantage jud basta comp tech and administrator ka before na developer kay you have more idea on how security works...

[chrisvil]

did i say hugot ang security sa JS? i dont think so, i just pointed that in client level it is much easier to prevent security since most modern browser and OS are adopting security measure to limit any CLIENT LEVEL scripting, where as SERVER LEVEL cant since it resides on the server and the only way to secure is through the server... since client scripting have been source of various worms thats why client scripting have been capped and limited remember i love you virus is a form of client scripting since it uses VBS... most of the times if you NOT are being carefull in coding server script... pwede na ma injectkan ug any malicious code.... can AV and FW stop it? no.. they cant...

you have consider where the script resides to see which is much secure.... client side naay mga AV ug FW, sa server unsa man naa?

security of the server lies how the host secures it, but the client user however cant... server script cant access local resources and information, only JS can and its being limited or restricted already

unless you are using IE6 then i say server level is secure...

btw my argument evolves around security of the user not security of the site... i hope you dont misunderstood it...



professionally as a web developer (note i based corporate experienced minus freelancing), ive been working already for 5 years, where as a freelance i starting wayback at college that time ASP and VB pako thats like 2002..., ever since HTML5 started mao nana ako gi adopt nga, inluding responsive layout, a dynamic framework (content is the king)


advantage jud basta comp tech and administrator ka before na developer kay you have more idea on how security works...

Akong nasabtan ani kay imo web applications should be protected at all cost in server-side, so pag client ka nag secured, for sure it can be by-passed to your server especially weak imo server security.

Mostly sa akoa coding pag protect sa akoang apps kay server-side gyud, protect from sql injection, expolit or any other ways. Less kaayo ko sa javascript. Ang javascript maayo lang ni pang user validation kay ari sya mas efficient kay client-side. Mas maayo ma validate sa ang user before going to server. Mao na naka ingon ko na less ang javascript coding compare sa PHP for security reason.

Furthermore, it's all about server security. Naa man ang main business gyud sa server.

[ondoy]

i can see JS codes in your site, does it mean its secure?

[boang3000]

@salbahis - ahh dakoa na d i exp nimo oy. hehe mao jd sa msnindot if gikan kas admin jd kay ms mo broaden pa jd maayo about sa securities pro ang pgcoding ana may lisod guro kay more on lawm nga javascript nmn ang gamiton na kanang d na masabtan nga codes. d ko sure ha? sa ako rang opinion. correct me if im wrong lng.

[salbahis]

Akong nasabtan ani kay imo web applications should be protected at all cost in server-side, so pag client ka nag secured, for sure it can be by-passed to your server especially weak imo server security.

Mostly sa akoa coding pag protect sa akoang apps kay server-side gyud, protect from sql injection, expolit or any other ways. Less kaayo ko sa javascript. Ang javascript maayo lang ni pang user validation kay ari sya mas efficient kay client-side. Mas maayo ma validate sa ang user before going to server. Mao na naka ingon ko na less ang javascript coding compare sa PHP for security reason.

Furthermore, it's all about server security. Naa man ang main business gyud sa server.

i protect sad na nimo ang imo server side nga script, pero di dapat nato kalimtan nga some infection is caused by a malicious client script... it is not PHP that will drop a worm sa imo PC if you visited a compromised site... javascript na... you have to understand how the browser works, dili na mo download ug server side nga script...

remember i said sa taas "my argument evolves around security of the user not security of the site... i hope you dont misunderstood it...", what user security i mean is protection from malicious script that will drop malicious worm from an infected site... if we are talking about request and action, then i will have to say mas dali i secure sa server...

if we are talking about server security i have a lot to say pud... mga site sa amo office are under constant attack ug injection thats why i have to recode all site and add extra layer of protection... injection is one thats why mas advantage if ang developer kabalo sa ug ethical hacking... anyways... there security nga dili maka prevent ang developer... if ang site gi DDOS ang developer can only do backing up things, reporting to host and preparing for the worst...

[salbahis]

@salbahis - ahh dakoa na d i exp nimo oy. hehe mao jd sa msnindot if gikan kas admin jd kay ms mo broaden pa jd maayo about sa securities pro ang pgcoding ana may lisod guro kay more on lawm nga javascript nmn ang gamiton na kanang d na masabtan nga codes. d ko sure ha? sa ako rang opinion. correct me if im wrong lng.

i usually use OOP sa js... sometimes jquery if needed if dinalian... JS is actually very simple... it can run maski gawas sa browser... that if kung dili i block sa AV... just like VBS it can be used to shutdown remote computer using WSH... mao man na ko lingaw sa una sa innodata i-troll nako ang mga sabaan nga PA then i shutdown ug kalit ila unit using VBS/WSH

server scripts well it needs server... and limitation sa server scripts mag depende kung unsay gi enable sa server..

im just lucky lang when i started naka sulod kog company nga grabe ka extensive ang ma experienced namo.... beside i rarely say no, im a risk taker in terms in accepting projects... thats why to lessen the risk i made a custom CMS for my own use... and i always follow simple philosophy... T.A.E.

[noobie]

unsa meaning T.A.E bro ? taka ako estorya?