Question

I've noticed a big shift toward more and more client-side JavaScript code these days. Packages like Backbone.js and others perform validation, access control and more. Is this causing security risks and if so, what risks should we be aware of? Is JavaScript-based validation a security risk?

Solution 2

It's a security risk if it isn't backed up with equivalent or stronger validation on the server side.

It can be very powerful as an ease-of-use feature to make the UX smoother, preventing tedious or jarring round-trips and page reloads, but you're quite right that you can't rely on it as a security feature.

OTHER TIPS

Browser-based validation is a user convenience.

It has nothing to do with security, since it doesn't actually validate requests.

You still need to validate everything on the server.

JavaScript validation in and of itself is not a risk. It can provide an additional layer of data validation/scrubbing. What IS a risk is relying SOLELY upon client-side validation if your information is being passed to a server to process.

JavaScript should never be your security screening. JavaScript, being client side, is vulnerable. JavaScript validation is used to ease user experience.

It is better to use server side scripting for security purposes.
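The point the answers above agree on, as an added example that is not part of any answer: the same rules that drive the form's inline hints are enforced again on the server, and the role used for access control comes from the server-side session, never from the request. The handler, session store, field names and limits are all hypothetical.

```javascript
// Constructed example: the server repeats every check the browser form makes.
// Rules like these can also run in the browser for UX; only the server-side
// run counts as enforcement, because a request need not come from the form.
function validateOrder(input) {
  if (typeof input !== 'object' || input === null) return ['body must be an object'];
  const errors = [];
  if (!Number.isInteger(input.quantity) || input.quantity < 1 || input.quantity > 100) {
    errors.push('quantity must be an integer from 1 to 100');
  }
  if (typeof input.email !== 'string' || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(input.email)) {
    errors.push('email is not valid');
  }
  const d = input.discountPercent;
  if (d !== undefined && (!Number.isInteger(d) || d < 0 || d > 50)) {
    errors.push('discountPercent must be an integer from 0 to 50');
  }
  return errors;
}

// Constructed server-side session store: the only source of identity and role.
const SESSIONS = new Map([
  ['sess-alice', { user: 'alice', role: 'admin' }],
  ['sess-bob', { user: 'bob', role: 'customer' }],
]);

function handleOrder(request) {
  const session = SESSIONS.get(request.sessionId);
  if (!session) return { status: 401, errors: ['not authenticated'] };

  const body = request.body;
  const errors = validateOrder(body);
  if (errors.length > 0) return { status: 400, errors };

  // Hiding the discount field in the UI is not access control; check the role here.
  // Any "role" value inside the body is ignored.
  if (body.discountPercent !== undefined && session.role !== 'admin') {
    return { status: 403, errors: ['discount requires admin role'] };
  }
  return {
    status: 201,
    order: {
      user: session.user,
      quantity: body.quantity,
      email: body.email,
      discountPercent: body.discountPercent ?? 0,
    },
  };
}
```
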

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow