L
Lucas Kruijswijk
Hello all,
I have a security question. Instead of heaving a session key,
I was thinking to hold the password of some application in
a Javascript variable.
Each time a http (or https) request is send from Javascript,
I also send the password. The server checks the password
and sends back the result.
In this way, no need for session.
Is there a security problem with this kind of programming?
The only thing I could think of, is that in Firefox and firebug
someone could access the variable to get the password. But
that is a risk I take.
I am more concerned that some evil website could steal the
password by some other Javascript. But I could not find
a way, so, I assume this is rather safe.
Or, does someone disagree?
Regards,
Lucas
I have a security question. Instead of heaving a session key,
I was thinking to hold the password of some application in
a Javascript variable.
Each time a http (or https) request is send from Javascript,
I also send the password. The server checks the password
and sends back the result.
In this way, no need for session.
Is there a security problem with this kind of programming?
The only thing I could think of, is that in Firefox and firebug
someone could access the variable to get the password. But
that is a risk I take.
I am more concerned that some evil website could steal the
password by some other Javascript. But I could not find
a way, so, I assume this is rather safe.
Or, does someone disagree?
Regards,
Lucas