Question

Q1. In order to limit the creation of malicious code, do you think that access to elements of the document object model and some Javascript functionality be limited? In discussing your answer, describe two types of computer attacks/ viruses that may be initiated by scripting code in the browser environment. What else can we do to combat this?

Q2. The ideal of the Web is based on open interchange of ideas, information and code. However, sometimes a lot of work is needed in developing functionality for Web pages in the form of scripting code. Sometimes there is a desire to protect that intellectual property. Discuss how you might go about hiding this information from “Code Surfers”… if indeed you can.

Answer 1

1. Yes, access to elements of the document object model and some javascript functionality must be limited because if we give unlimited access to everyone, then hackers get advantage of it and will inject malicious code into your program. The two types of viruses that may be initiated by scripting code in the browser are as below.

• Cross-site scripting.
• Phishing.

Cross-site scripting: Cross site scripting is a client side injection side. The main goal of the attacker is to execute malicious code in web application of the victim. This actually happens when the victim visits the webpage. In order to combat this the code should sanitize data input by users before giving it back. All the validitions should take place to combat this type of attack.

Phishing: This type of attack draws the user attention that it is coming from most trusted sources in the form of mails. There will be link to the webpage, once user clicks on it, then the malicious code will be injected into the script of the victim and can damage the files or the injector can get the information that is needed.Do not accept the mails that doesn't belong to your work or block the mails or don't open such kind of mails.

2. Every company has its own intellectual property that should be owned by company not anyone else. The intellectual property must be copyrighted or patented or must be registered for trademark. So that code surfers cannot copy, eventhough if they copy we can take a legal action on him. There will be trade secrets that can gain advantage over competitors must be kept as secret and should not reveal to anyone in any case.