Reputation: 1071
Javascript: How to secure your code
if you render your page with JS and need to implement a security feature, it comes down to something such as this:
var userID = getUserID();
if (userID == 1) {
html += renderDeleteButton();
}
But won't the user be able to just open the debugger and change the value of userID ?
Upvotes: 0
Views: 371
Answers (3)
Reputation: 46657
Validation/security checks in javascript are always only done to save the user the time of a trip to the server and back. They are strictly for performance only.
If you want actual security, it must be implemented on the server.
Upvotes: 1
Reputation: 126
Do not trust anything from a client side script like JS. All client side scripts can be manipulated by the user. Any secure type of code should reside in a server side script.
Upvotes: 2
Reputation: 397
Yes they will. With JS, the user can do whatever the heck they want. This is why security stuff should go in your server-side code (PHP / ASP / etc.), as users cannot modify it.
Upvotes: 8
Related Questions
- What are the ways to protect javascript code
- Javascript security on a server
- Javascript Security
- Secure data in JavaScript
- securing javascript source code
- Improving security with JS
- Security in JavaScript Code
- securing data used in java script file
- Protect content in Javascript
- How to isolate unsecure JavaScript code