html5 - Is my application secure?


First of all, I don't have code to display in the question here, because I'm still designing the application structure, have design developed.

I'm building a phone application and I'm trying to make it as secure as possible. I know it's not necessary for an application the size of mine, but still, practice.

My app is on Angular and PhoneGap; the server side is accessible through HTTPS, with Node.js and MongoDB, a stateless server, and a RESTful API.

Once the user is logged in (using user and password, or Facebook), the session ID is stored on the client side (Angular cookies) and is required for each access to the server (checking if there is a user logged in with that session ID).

I heard that form tokens can be implemented - on each form that in the end sends a request to the server (for example, changing user information and hitting save), require a form token, a random value generated for the session on building the form - an onload function calls the server to generate a specific form token.

It seems pretty cool, but I'm still not sure if it's good. Thinking of it, anyone can call the RESTful method to generate the form token he wants using a session ID he found (by brute forcing or whatever), and then call the other RESTful method to change the user... Also, the server should be limited to being accessed by the application... I can't restrict the origin because the IP changes from phone to phone... What restriction should the server have?

I'm a starter at security in web apps, and would appreciate advice, explaining, and help! Is the application secure enough?

I spend time on OWASP.

The OWASP Top Ten represents a broad consensus on what the critical web application security flaws are.
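
The form-token idea described in the question, as an added example that is not part of the original post or answer: a stateless Node.js server can derive the token with an HMAC over the session ID, the form name and an expiry, so nothing has to be stored per form. The function names, the in-memory key and the 10-minute lifetime are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed server-side secret; a real deployment would load it from configuration.
const SERVER_KEY = crypto.randomBytes(32);
const TOKEN_TTL_MS = 10 * 60 * 1000; // assumed lifetime

function sign(sessionId, formName, expires) {
  // Length-prefix each field so that "ab"+"c" and "a"+"bc" cannot collide.
  const msg = [sessionId, formName, String(expires)]
    .map((f) => `${f.length}:${f}`).join('|');
  return crypto.createHmac('sha256', SERVER_KEY).update(msg).digest();
}

// Called when the form is built (the "onload" request in the question).
function issueFormToken(sessionId, formName, now = Date.now()) {
  const expires = now + TOKEN_TTL_MS;
  return `${expires}.${sign(sessionId, formName, expires).toString('base64url')}`;
}

// Called by the state-changing endpoint before it touches user data.
function verifyFormToken(token, sessionId, formName, now = Date.now()) {
  if (typeof token !== 'string') return false;
  const dot = token.indexOf('.');
  if (dot < 1) return false;
  const expires = Number(token.slice(0, dot));
  if (!Number.isSafeInteger(expires) || expires < now) return false;
  const given = Buffer.from(token.slice(dot + 1), 'base64url');
  const expected = sign(sessionId, formName, expires);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values: one token, checked under five conditions.
function demo() {
  const t0 = 1_700_000_000_000;
  const token = issueFormToken('session-A', 'edit-profile', t0);
  const sig = token.slice(token.indexOf('.') + 1);
  return {
    sameSession: verifyFormToken(token, 'session-A', 'edit-profile', t0 + 1000),
    otherSession: verifyFormToken(token, 'session-B', 'edit-profile', t0 + 1000),
    otherForm: verifyFormToken(token, 'session-A', 'delete-account', t0 + 1000),
    expired: verifyFormToken(token, 'session-A', 'edit-profile', t0 + TOKEN_TTL_MS + 1),
    extendedExpiry: verifyFormToken(`${t0 + 2 * TOKEN_TTL_MS}.${sig}`, 'session-A', 'edit-profile', t0 + 1000),
  };
}
console.log(demo());
```

A token bound this way rejects a request that carries another session's token or a token for a different form, but the server will issue one to whoever presents a valid session ID, so the session ID remains the secret to protect.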

