Which of the following should not be done using client-side scripting?

Question

BlackTom AI · Accepted Answer

Client-side code runs in the user’s browser and is inherently visible and modifiable by the user, so any operation that requires secrecy or authoritative control should not be done solely on the client.

1. Relevant knowledge points and concepts
- Client-side scripting (e.g., JavaScript in the browser) executes on the user’s machine and can be inspected, altered, or bypassed.
- Server-side code runs on a trusted server and is required for enforcing security, validation, and handling sensitive operations.
- “Sensitive data” includes authentication credentials, authorization checks, financial transactions, secret keys, or any data that must be protected from client tampering or exposure.

2. Step-by-step reasoning
- Step 1: Identify what “should not be done” = tasks that require confidentiality, integrity, or authoritative enforcement.
- Step 2: Evaluate each option against the client-side trust model.
- Step 3: If an operation’s correctness or security can be compromised by user inspection/modification, it should not be done client-side.

3. Intermediate considerations (security/UX trade-offs)
- Client-side form validation: good for immediate UX feedback, but must be duplicated server-side for security.
- Asynchronous HTTP requests (AJAX/fetch): a core client-side capability to communicate with servers; appropriate for non-sensitive interactions when combined with server-side checks.
- JavaScript array operations: purely local computations/manipulations are safe to perform client-side.
- Manipulation of sensitive data: exposing or processing secrets or authoritative changes on the client risks data leakage and tampering.

4. Why the correct answer is correct
Manipulating sensitive data on the client exposes it to inspection and alteration, undermining confidentiality and integrity. Sensitive operations (authentication, authorization, financial changes, secret key usage) must be performed and verified on the server.

5. Why other options are incorrect
- a. Form validation: appropriate client-side for UX (but must also be validated server-side).
- c. Asynchronous HTTP requests: intended client-side feature to interact with servers.
- d. JavaScript array operation: standard client-side task for local processing.

6. Conclusion
Therefore the correct choice is b. manipulation of sensitive data, which matches the provided answer.

Which of the following should not be done using client-side scripting?单项选择题

类似问题

At which tiers of a web application should developers enforce security?

Question at position 24 Before entering credit card or other sensitive data on a web page, you should make sure it is using the ________ protocol.httphttpssftpftp

Question at position 8 ________ is a social network attack where clicking on a link allows malware to post unwanted links on your page.LinkjackingClickbaitingSharebaitingClickjacking

What types of attacks does Microsoft IIS help protect against?

An online purchase web application which lets javascript in the browser filter out invalid negative payment amounts is vulnerable to __________.

Attackers may perform reconnaissance on your website by changing parameters using a man-in-the-middle proxy.

Content Security Policy (CSP) is enforced by

SQL injection vulnerability could be used to launch reflective cross site scripting attack.

更多留学生实用工具

智能学习助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单