javascript-security

How to ensure that the hibernate version number stays immutable in a javascript client?

帅比萌擦擦* submitted on 2019-12-13 18:15:20
Question: I have a REST backend with Java and Hibernate and I'm using Optimistic Locking with the version property. For concurrency control, this version property must go to the client and again to the server with the POST request. But in a JavaScript client I lose control over the integrity of this property, for example: A client "A" requests the resource 1. A client "B" requests the same resource. The server responds with resource 1 version 1 to both clients (in their respective responses). The client "A"

File Upload and knowing the directory structure

↘锁芯ラ submitted on 2019-12-12 07:18:59
Question: We are using jquery fileupload to drag and drop files (and folders) from a local computer to a browser. This works great but we can't capture the directory structure of the files within the folder. I understand why (from a security perspective and JavaScript) this doesn't work, but does anyone have any thoughts on best ways to achieve the same thing? Again, I want my customer (internal app) to drag and drop a folder into my application. My application can see the list of filenames and they

File Upload and knowing the directory structure

梦想的初衷 submitted on 2019-11-30 22:21:47
We are using jquery fileupload to drag and drop files (and folders) from a local computer to a browser. This works great but we can't capture the directory structure of the files within the folder. I understand why (from a security perspective and javascript) this doesn't work, but does anyone have any thoughts on best ways to achieve the same thing. Again, I want my customer (internal app) to drag and drop a folder into my application. My application can see the list of filenames and they get uploaded, but I would like to maintain the directory structure of those files for use elsewhere. i.e.

Why same origin policy for XMLHttpRequest

怎甘沉沦 submitted on 2019-11-26 18:06:48
Question: Why do browsers apply the same origin policy to XMLHttpRequest? It's really inconvenient for developers, but it appears it does little in actually stopping hackers. There are workarounds, they can still include JavaScript from outside sources (the power behind JSONP). It seems like an outdated "feature" in a web that's largely interlinked.

Answer 1: Because an XMLHttpRequest passes the user's authentication tokens. If the user were logged onto example.com with basic auth or some cookies, then