Reputation: 47
JavaScript: Is it Safe to Predefine Password in Code
I'm new to JavaScript and Web Development over all, I was just wondering if it is safe to define a predefined Usernamee and Password in a JavaScript file.
You obviously can read the HTML but will my password be exposed if I predefine it in the code?
Thanks in advance.
Upvotes: 0
Views: 28
Answers (1)
Reputation: 370789
No, it's not safe. The JavaScript file(s) sent by the server to the client are (usually) just as interceptable and readable by an interested party as the HTML source files. Usually, all it'd take is opening up the network tab, looking for .js requests, and clicking on them to see what the response payload was.
If you want to require a password for something, set up a server, and do the verification only on the server, without sending anything sensitive to the client.
On the server, while hard-writing the password into the code would theoretically be mostly safe, it's still problematic, because those reading the source code would have instant access to the password, which may not be desirable - and source code can get leaked too. You probably don't want passwords in the code to be saved forever in the Git commit history.
Better to set up a database on the server and save the hashed passwords in the database. Another place passwords are sometimes stored is in environment variables.
Upvotes: 3
Related Questions
- generate a secure password in javascript
- Is javascripts access to a password fields value considered a security risk?
- Holding password in javascript variable - security implications?
- What are the security implications of storing passwords in Javascript variables?
- Javascript Password Protected area.. must be better way
- Storing user's password for web application in client-side JavaScript - is this secure?
- HTML protect password fields
- Is javascript injection of password in form safe?
- How bad is this? storing password in javascript
- What are the security considerations for a javascript password generator?