Re: Securing client-side javascript
- From: "Scott M." <s-mar@xxxxxxxxxxxxx>
- Date: Wed, 2 Aug 2006 11:59:03 -0400
Any client-side code (HTML/JavaScript) can be viewed, changed and saved
locally on the client. So yes, someone could bypass client-side validation
of data and attempt to submit incorrect data, for example. This is why (in
the case of validation), you should always do a second, server-side,
validation of the data before processing it.
<davidr@xxxxxxxxxxxxxx> wrote in message
news:1154532555.565812.257170@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have a question. Is javascript that is ran 100% on the client-side
and never does any postback/callback to the server hack proof? A user
can open the source code look at it, but is there a way for him to
change it so it does what it isn't supose to do. For example,
you use the javascript to disable/enable buttons on an .aspx page.
Would it be easy for someone to change the javascript to decide which
buttons get enabled/disabled? I know you can use validation on
textboxes to prevent <script></script> to get ran on the client side,
is there any other way though? This is new to me so I look forward to
people's opinions on security for javascript. Thanks,
David
.
- References:
- Securing client-side javascript
- From: davidr
- Securing client-side javascript
- Prev by Date: Securing client-side javascript
- Next by Date: Re: tighten password policy
- Previous by thread: Securing client-side javascript
- Next by thread: Re: tighten password policy
- Index(es):
Relevant Pages
|
