Security on front side

Discussion in 'HTML & Website Design' started by maileen, Apr 17, 2017.

  1. #1
    Hi,

    I would like to develop a web application and i wanted to know, how can i secure enough front end knowing that front end consists of html, javascript/javascript frameworks and css ?
    First step must be to force HTTPS i guess and to use a session to store not sensible data.

    Is it correct ?

    Regarding forcing HTTPS, i do not think that forcing HTTPS using javascript is a good solution as it can be hacked, so the best and easiest way is to use apache/nginx or is there other possibilities ?


    thx
     
    maileen, Apr 17, 2017 IP
  2. sarahk

    sarahk iTamer Staff

    Messages:
    28,807
    Likes Received:
    4,534
    Best Answers:
    123
    Trophy Points:
    665
    #2
    What are you trying to secure - people using the front end to hack the server? or people being able to see the underlying code?
     
    sarahk, Apr 17, 2017 IP
  3. alexmv

    alexmv Peon

    Messages:
    12
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    3
    #3
    Hi,

    is your application going to use some server-side programming language like PHP or .NET? What about using a database? The weakest elements are forms and you need to pay attention to them. Proper validation is needed.

    About forcing HTTPS I recommend to make it in .htaccess file on the server. Take a look here: http://stackoverflow.com/questions/4398951/force-ssl-https-using-htaccess-and-mod-rewrite
    or here: http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

    And better to stay away from the sessions if you can. My opinion.
     
    alexmv, Apr 20, 2017 IP