Page 318 - StudyBook.pdf
P. 318

302    Chapter 5 • Communication Security: Web Based Services

             piled into a language that the machine can understand. For this reason, JavaScript is
             slower than Java applets.There are both client-side and server-side versions of
             JavaScript.
                 Although JavaScript is different from ActiveX and Java in that it is a scripting
             language, it is still possible that a hacker may use a script to acquire information
             about a site or use code to attack a site or client computer. However, JavaScript is
             generally less likely to cause crashes than Java applets.An important part of
             scripting languages like JavaScript and VBScript is that they can run on the client-
             side (i.e., on a browser visiting a site) or the server-side (i.e., the Web site itself).
             Server-side scripting allows Web pages to provide enhanced features and function-
             ality, such as reading and writing to databases, running other programs on the
             server, or other operations that couldn’t be performed using client-side scripting.
             Running scripts on the server as opposed to the client also has other benefits.
             Because the script is executed on the server before any content is provided to the
             browser, the script is processed and the results are provided faster than if they ran
             on the client-side.
                 Because server-side scripts are executed on the Web server, it is important that
             the code doesn’t have errors that would keep the page from displaying properly, or
             not displaying at all. If the script lacked code to handle errors, the Web site may
             respond to the error by not displaying the contents of the page.This could occur
             when the script tries to access variables or a database that didn’t exist, or any
             number of other errors. Similarly, a perpetual loop in the code (where the same
             code is run over and over again without exiting) would prevent the script from
             running as expected, and prevent the page from loading until the Web server timed
             out and ceased execution of the script. By failing to include error handling, scripts
             can prevent a user from accessing Web pages, and in the case of a site’s default page,
             may prevent users from accessing the site at all.



              NOTE

                  As we’ve mentioned in this chapter, another embedded scripting lan-
                  guage that you can use in HTML documents is VBScript. As the name
                  suggests, the syntax of the language looks very similar to Visual Basic,
                  much like JavaScript resembles Java. It offers approximately the same
                  functionality as JavaScript in terms of interaction with a Web page, but
                  a major difference is that VBScript can interact with ActiveX controls
                  that a user has installed. VBScript is often seen in Active Server Pages
                  (ASP), as well as in client-side scripts.




          www.syngress.com
   313   314   315   316   317   318   319   320   321   322   323