Reputation: 1071
if you render your page with JS and need to implement a security feature, it comes down to something such as this:
var userID = getUserID();
if (userID == 1) {
html += renderDeleteButton();
}
But won't the user be able to just open the debugger and change the value of userID ?
Upvotes: 0
Views: 371
Reputation: 46657
Validation/security checks in javascript are always only done to save the user the time of a trip to the server and back. They are strictly for performance only.
If you want actual security, it must be implemented on the server.
Upvotes: 1
Reputation: 126
Do not trust anything from a client side script like JS. All client side scripts can be manipulated by the user. Any secure type of code should reside in a server side script.
Upvotes: 2
Reputation: 397
Yes they will. With JS, the user can do whatever the heck they want. This is why security stuff should go in your server-side code (PHP / ASP / etc.), as users cannot modify it.
Upvotes: 8