HTML5 Web Database Security
By : TIM
Date : March 29 2020, 07:55 AM
The only way an external party could access the user's database is via direct access to the user's computer, or if your web app has a security vulnerability (such as XSS - Cross-Site Scripting). Otherwise standard browser security dictates that only scripts running in web pages from a certain domain can access databases that were created/stored on that same domain (same-origin policy), the same thing that stops you making cross-domain Ajax requests, or reading other websites' cookies, all of which can be overcome via an XSS attack. To me, storing a draft email seems reasonably sensible, whereas things like credit card details, passwords etc. should be stored exclusively server-side. You'll need to make a call as to what should be stored where, based on what you're going to store.
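The same-origin rule described in the answer above, as an added example that is not part of the original answer: it groups pages by the origin (scheme, host, port) that keys their client-side storage, so you can see which pages would share one database. The function names and all URLs are constructed for illustration.

```javascript
// Added illustration: which pages share one client-side database / localStorage area.
// All URLs below are constructed sample values.

// Return the origin (scheme + host + port) that keys browser storage,
// or null when the URL has an opaque origin (for example data:) or does not parse.
function storageOrigin(pageUrl) {
  let parsed;
  try {
    parsed = new URL(pageUrl);
  } catch (e) {
    return null;
  }
  // The URL parser drops default ports, so :443 on https equals "no port".
  return parsed.origin === 'null' ? null : parsed.origin;
}

// True only when both pages resolve to the same non-opaque origin.
function sharesStorage(urlA, urlB) {
  const a = storageOrigin(urlA);
  return a !== null && a === storageOrigin(urlB);
}

// Group pages by the storage area their scripts would read and write.
function groupByStorage(pageUrls) {
  const groups = new Map();
  for (const u of pageUrls) {
    const key = storageOrigin(u) || 'opaque (no shared storage)';
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(u);
  }
  return groups;
}

const samplePages = [
  'https://mail.example.com/inbox',
  'https://mail.example.com:443/help/page.html', // same origin: path is ignored
  'http://mail.example.com/inbox',               // different scheme
  'https://example.com/inbox',                   // different host
  'https://mail.example.com:8443/inbox',         // different port
  'data:text/html,<p>draft</p>',                 // opaque origin
];
for (const [origin, pages] of groupByStorage(samplePages)) {
  console.log(origin, '->', pages);
}
```

The path plays no part in the comparison, so every page served from the same origin, including a page carrying injected script, reads the same stored data.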
|
HTML5 localStorage security
By : Muneeb Arif
Date : March 29 2020, 07:55 AM
Bad idea. Someone with access to the machine will always be able to read the localStorage; there is nothing much you can do to prevent it. Just type 'localStorage' in the Firebug console, and you get all the key/value pairs nicely listed. If you have an XSS vulnerability in your application, anything stored in localStorage is available to an attacker. You can try encrypting it, but there is a catch. Encrypting it on the client is possible, but would mean the user has to provide a password and you have to depend on not-so-well-tested JavaScript implementations of cryptography. Encrypting on the server side is of course possible, but then the client code cannot read or update it, and so you have reduced localStorage to a glorified cookie.
|
HTML5 mobile app security
By : Karl Christopher Cañ
Date : March 29 2020, 07:55 AM
You can use PreAuthenticationProcessingFilter to achieve this requirement; have a look at a similar case and the Spring Security doc.
|
Audio tag security in html5
By : Sam_2903
Date : March 29 2020, 07:55 AM
Kind of. Grooveshark sends a POST request to a server-side script for the MP3 that is being streamed, which makes it very difficult to just access and spoof without dynamically creating a POST request yourself - especially seeing as you would then have to attempt to store the audio file that is collected. But you can use the new AudioContext to help solve this for most modern platforms. Code:
var dogBarkingBuffer = null;
// Fix up prefixing
window.AudioContext = window.AudioContext || window.webkitAudioContext;
var context = new AudioContext();

// Report request or decode failures
function onError(err) {
  console.error('Could not load or decode audio', err);
}

function loadDogSound(url) {
  var request = new XMLHttpRequest();
  request.open('POST', url, true);
  request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  request.responseType = 'arraybuffer';
  // Decode asynchronously once the response body has arrived
  request.onload = function() {
    context.decodeAudioData(request.response, function(buffer) {
      dogBarkingBuffer = buffer;
    }, onError);
  };
  request.onerror = onError;
  // this is the encryption key
  request.send("key=98753897358975387943");
}
|
html5 web font security
By : Puneeth Gowda
Date : March 29 2020, 07:55 AM
|