Monday, 25 November 2019

Security when storing user provided javascript code from web page forms into db

Suppose there is an online coding platform that allows users to enter code and submit it through a web page form. It also shows the code that was previously entered, by storing it in a database. How can I ensure that malicious code does not get executed on either the front-end or the back-end? What are the things that need to be considered for security?

I know about safeguarding and implementing -

  1. Session Hijacking
  2. XSS attacks
  3. CSRF
  4. SQL injection
  5. Encrypting user passwords
  6. Man in the middle attack

My question is to find out what else needs to be done to stop the user-provided code from executing on my backend. Are there any interesting topics that I can read about?

Will encrypting the code text and storing it in an encrypted format help? Or is it advisable to store the code text in non-executable files on the server, creating them dynamically for each user?


