Securing client-side javascript

D

davidr

I have a question. Is javascript that is ran 100% on the client-side
and never does any postback/callback to the server hack proof? A user
can open the source code look at it, but is there a way for him to
change it so it does what it isn't supose to do. For example,
you use the javascript to disable/enable buttons on an .aspx page.
Would it be easy for someone to change the javascript to decide which
buttons get enabled/disabled? I know you can use validation on
textboxes to prevent <script></script> to get ran on the client side,
is there any other way though? This is new to me so I look forward to
people's opinions on security for javascript. Thanks,

David
 
S

Scott M.

Any client-side code (HTML/JavaScript) can be viewed, changed and saved
locally on the client. So yes, someone could bypass client-side validation
of data and attempt to submit incorrect data, for example. This is why (in
the case of validation), you should always do a second, server-side,
validation of the data before processing it.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

JavaScript Challenge: Validating Email Addresses 1
Final chapter of "Learn PHP, MySQL and JavaScript" 3
New here, Javascript password protect site not working on mobile 3
My JSP/Javascript page looks differently on 2 different machines 0
Button enabling before all inputs are filled and disabling when all inputs are filled 1
client-side javascript mixed with postback 0
Javascript scroll to sections and also scroll to section but open relevant nav-tab 4
Making a client side script Server Side 47

Members online

No members online now.
Total: 51 (members: 0, guests: 51)
Robots: 434

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,812
Latest member
GracielaWa

Latest Threads

Top