Security+ Objective 1.4 Carry out the appropriate procedures to establish application security – Scripting

Let’s continue talking about web sites that do more than just display the same data all the time. You can skip to the last paragraph if you just want the thing you need to know for the exam.
Scripting is the way to make that happen. If a programmer writes a script to make their site do something really cool, there are two places where that script can be processed. Client-side scripts send the code to the user’s computer to be run. Server-side scripts work their magic on the web server and send the results to the user. Client-side scripts rely on the users system to have a web browser that understands the script. If you don’t want to rely on the user, you can use server-side scripts that only rely on the server. It’s easier to make sure your server has the right capabilities, rather than all possible users who hit your site.
Real World Example: The most common client-side scripting language is Javascript. Next time you’re browsing the web, right click on the page, choose “view source” and look for some code that says Javascript. The most common server-side scripting languages these days are ASP.Net and PHP. Next time you browse the web look for an “aspx” or a “php” in the web address. You won’t be able to find any ASP.Net or PHP code in the source because the server already processed it and sent the results.
The security risk of server-side scripting lies in the fact that the server does whatever the script tells it to. If a bad guy can get his code onto the server, it will do whatever the bad guy wants it to.

Go back to the Exam Objectives list

Be Sociable, Share!


There are no comments yet...Kick things off by filling out the form below.

Leave a Comment