David
David

Reputation: 1071

Javascript: How to secure your code

if you render your page with JS and need to implement a security feature, it comes down to something such as this:

var userID = getUserID();
if (userID == 1) {
   html += renderDeleteButton();
}

But won't the user be able to just open the debugger and change the value of userID ?

Upvotes: 0

Views: 371

Answers (3)

jbabey
jbabey

Reputation: 46657

Validation/security checks in javascript are always only done to save the user the time of a trip to the server and back. They are strictly for performance only.

If you want actual security, it must be implemented on the server.

Upvotes: 1

running_randall
running_randall

Reputation: 126

Do not trust anything from a client side script like JS. All client side scripts can be manipulated by the user. Any secure type of code should reside in a server side script.

Upvotes: 2

Joe Malt
Joe Malt

Reputation: 397

Yes they will. With JS, the user can do whatever the heck they want. This is why security stuff should go in your server-side code (PHP / ASP / etc.), as users cannot modify it.

Upvotes: 8

Related Questions