'What if someone sends many AJAX requests to a login script in a website (e.g., Facebook, Yahoo! etc.) and try all different combinations of usernames and passwords to hack into users accounts?'
Fortunately, for security reasons modern-day client-side languages such as JavaScript do not allow AJAX requests to be sent from a script to another script on a different domain. For example, in order to send AJAX requests to "https://www.facebook.com/login.php" (Script that handles user log-ins to Facebook.com) you need to have your own script put on the 'Facebook.com' domain. In other words, you can only send AJAX requests to scripts that are located on the same domain where your own file (script) is located. This rule is known as same-origin policy.
However, it does not end all here. What if you are one of the creators of programming languages such as JavaScript? or what if you can somehow manipulate these languages or create a new browser-side language that can violate this policy?
If you did not already know, you should know that your information in the world wide web it is by no means secure ...
No comments:
Post a Comment