CODEWITHSUNDEEP
javascriptajaxfunctionconsolehide
user2130148
user2130148

Reputation: 48

How to know if a function is called from the javascript console?

I want to know how can we hide a function from the javascript console so that it can't be called from it.

To let you better understand the problem , suppose that I have a javascript function that adds some records on the database using Ajax, and anyone else can use this function from the console to add as many records as he wants on the database. I want the function to be called from the web application and not from the console... I tried to obfuscate the code to hide it but we can still find the function from Google Chrome javascript console.

Upvotes: 1

Views: 665

Answers (1)

Michael Zaporozhets
Michael Zaporozhets

Reputation: 24526

No matter how much you obfuscate and hide your code, any javascript that can be executed on the client side can be executed in the console and you should always be running permissions/security checks on the server side if you wish to have any real control over the security of such functions.

That being said, you can restructure your code inside an immediately invoked function expression which will not be callable as easily from the console as usual like so:

(function() {
    var myUncallableFunction = function() { alert('meow'); }
})();

the function myUncallableFunction will only be able to be called from within the parent function as it is a local variable to that parent function and is therefore inaccessible outside of it.

You will still be able to call this function inside of that parent however like so:

(function() {
    var myUncallableFunction = function() { alert('meow'); }
    myUncallableFunction();
})();

Upvotes: 5

Related Questions