PROFESSIONAL FORUMS: WINDEV, WEBDEV and WINDEV Mobile
Site vulnerable to XSS attacks!
Started by Steve, 24 Mar. 2017 20:24 - 2 replies
Steve
#1
Posted on 24 March 2017 - 20:24
Hello,
I'm a developer from Belgium and have a .NET background. Recently I started using Windev/Webdev for a project.
The project was recently pushed to QA mode. Today we've done some heavy security testing and we've noticed that our project is vulnerable to XSS attacks.
All JavaScript code that's added in the frontend page (HTML) reaches the database, which is a real showstopper. I did some research in the documentation but I can't find anything in the framework that can prevent these attacks.
Hopefully someone can help me out and point me in the right direction.
Sincerely,
Steve
vvido
#2
Registered member
94 posts
Posted on 27 March 2017 - 10:06
Please keep us posted with any information you will receive from PCSoft.
We are about to start a new project with WebDev (the first one) and this information could be crucial for the selection (choice of some other product) of development tools.
Thanks in advance.
Fabrice Harari
#3
Posted on 29 March 2017 - 00:24
Hi Steve,
I'm not sure what you mean by this:
> All javascript code that's added in the frontend page (html) reaches the
> database. What's a real showstopper. I did some research in the
In Webdev, the JS code calls some SERVER SIDE code and THAT code does
the data access...
This means that any security YOU put in place in the server side code
will prevent ANY attack coming from the browser side...
So either you did not put any security code in place, or you did not put
it at the right place, or you deliberately created a security hole, or
we are not talking about the same thing at all.
Best regards
--
Fabrice Harari
International WinDev, WebDev and WinDev mobile Consulting
Ready for you: WXShowroom.com, WXReplication (open source) and now WXEDM
(open source)
More information on
http://www.fabriceharari.com
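
The server-side placement of controls discussed in this thread, as an added example that is not part of any post and is not WebDev or PCSoft code. It is written in Python rather than WLanguage, and the table, function names and sample input are hypothetical; it shows a submitted value validated and stored with bound parameters, then HTML-encoded when the page is built.

```python
import html
import re
import sqlite3

# Constructed sample: a comment field as it might arrive from the browser.
# Browser-side JavaScript checks can be bypassed, so the server treats it as untrusted.
SAMPLE_COMMENT = "<script>alert(1)</script> Nice product"

# Hypothetical allow-list for a display name: letters, spaces, apostrophe, hyphen.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,49}")


def open_db():
    """Create an in-memory database with a hypothetical comment table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comment (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    return db


def save_comment(db, author, body):
    """Server-side entry point: validate, then store using bound parameters."""
    if not NAME_RE.fullmatch(author):
        raise ValueError("author rejected by server-side allow-list")
    if len(body) > 2000:
        raise ValueError("body too long")
    # Bound parameters keep the value as data; free text is stored unmodified.
    cur = db.execute("INSERT INTO comment (author, body) VALUES (?, ?)", (author, body))
    return cur.lastrowid


def render_comment(db, comment_id):
    """Build the HTML fragment; every stored value is encoded at output time."""
    author, body = db.execute(
        "SELECT author, body FROM comment WHERE id = ?", (comment_id,)
    ).fetchone()
    return "<p><b>{}</b>: {}</p>".format(html.escape(author), html.escape(body))


if __name__ == "__main__":
    db = open_db()
    cid = save_comment(db, "Steve", SAMPLE_COMMENT)
    print(render_comment(db, cid))
```

The markup is still present in the database row; it is the encoding in `render_comment` that makes the browser display it as text instead of executing it.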