security

What are the front-end security issues?

  • XSS cross-site request attack
  • XSRF cross-site request forgery
  • Above these two problems, the front end is only auxiliary, mainly or rely on the back end

XSS principle

  • In a blog, you can write articles and sneak in a paragraph<script>The code.
  • Post a blog, someone reads it
  • When the blog is opened, the inserted JS attack code is executed
  • In the attack code, a cookie(which may contain sensitive information) is obtained and sent to the attacker’s server, and the attacker obtains information about the blog’s readers.

XSS prevention

  • Front-end replace keywords such as < with <
  • However, front-end replacement affects performance, and usually back-end replacement

XSRF principle

  • You’ve logged on to a shopping website and are browsing
  • The paid interface is xxx.com/pay?id=100, but there is no verification
  • And then you get an email, hidden< img SRC = "is xxx.com/pay?id=100" >
  • You’ve secretly paid for it while checking your email

XSRF prevention

  • Add authentication process, such as fingerprint, password, SMS verification code
  • In practice, the front end works with the back end to do these validations

 

What are the general security issues?

XSS: Cross-site scripting attacks

Before the user can enter