1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Security on front side

Discussion in 'HTML & Website Design' started by maileen, Apr 17, 2017.

  1. #1
    Hi,

    I would like to develop a web application and i wanted to know, how can i secure enough front end knowing that front end consists of html, javascript/javascript frameworks and css ?
    First step must be to force HTTPS i guess and to use a session to store not sensible data.

    Is it correct ?
    SEMrush
    Regarding forcing HTTPS, i do not think that forcing HTTPS using javascript is a good solution as it can be hacked, so the best and easiest way is to use apache/nginx or is there other possibilities ?


    thx
     
    maileen, Apr 17, 2017 IP
    SEMrush
  2. sarahk

    sarahk iTamer Staff

    Messages:
    25,393
    Likes Received:
    3,494
    Best Answers:
    101
    Trophy Points:
    665
    #2
    What are you trying to secure - people using the front end to hack the server? or people being able to see the underlying code?
     
    sarahk, Apr 17, 2017 IP
  3. alexmv

    alexmv Peon

    Messages:
    12
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    3
    #3
    Hi,

    is your application going to use some server-side programming language like PHP or .NET? What about using a database? The weakest elements are forms and you need to pay attention to them. Proper validation is needed.

    About forcing HTTPS I recommend to make it in .htaccess file on the server. Take a look here: http://stackoverflow.com/questions/4398951/force-ssl-https-using-htaccess-and-mod-rewrite
    or here: http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

    And better to stay away from the sessions if you can. My opinion.
     
    alexmv, Apr 20, 2017 IP