Reputation: 311
Can JavaScript variables be easily modified maliciously?
I am setting up a quiz that uses boolean variables for correct/incorrect and then passes those variable values to a PHP script via Ajax for processing and storing in a database.
How easily could someone override the values set by my code with after finding the var names with "view source"?
Upvotes: 1
Views: 384
Answers (3)
Reputation: 13483
Yes.
You should send the answers to the server and let the server grade the quiz.
Upvotes: 2
Reputation: 79
for testing purpose you can use firefox add on firebug or chrome's developer tool kit. Change your javascript variable using inspect element and than perform action of button which posts your data. On server side you should make sure that posted variable must be any of variable that is in option of answer of that question.
Upvotes: 0
Reputation: 4397
They can do it easily using Chrome/Firebug Console by issuing a Javascript command over there like
var your_var_name = 60;
You must have backend synchronization also to prevent this.
Upvotes: 0
Related Questions
- What was data tainting in JavaScript?
- How easy is it for a user/browser to manipulate Javascript?
- Can my JavaScript code be edited at runtime by (malicious) users?
- Are javascript private variables really safe?
- Javascript modification security?
- Is it possible for a user to modify site javascript in browser?
- How to prevent hacking if users change html/javascript variables on client side?
- Is it possible for a website to know if you edit their javascript variables?
- Do JavaScript anonymous functions protect against client-side editing?
- Security in JavaScript Code