Home/ Questions/Q 1030667
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T12:44:16+00:00

In a previous question I asked about weaknesses in my own security layer concept…

  • 0

In a previous question I asked about weaknesses in my own security layer concept… It relies on JavaScript cryptography functions and thanks to the answers now the striking point is clear that everything that is done in Javascript can be manipulated and can not be trusted…

The problem now is – I still need to use those, even if I rely on SSL for transmission…

So I want to ask – is there a way that the server can check that the site is using the “correct” javascript from the server?

Anything that comes to my mind (like hashing etc.) can be obviously faked… and the server doesn’t seem to have any possibility to know whats going on at the clients side after it sent it some data, expept by HTTP headers (-> cookie exchange and stuff)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It is completely impossible for the server to verify this.

    All interactions between the Javascript and the server come directly from the Javascript.
    Therefore, malicious Javascript can do anything your benign Javascript can do.

    By using SSL, you can make it difficult or impossible for malicious Javascript to enter your page in the first place (as long as you trust the browser and its addons), but once it gets a foothold in your page, you’re hosed.

    Basically, if the attacker has physical (or scriptual) access to the browser, you can no longer trust anything.

    • 0