Securing client-side javascript

D

davidr

I have a question. Is javascript that is ran 100% on the client-side
and never does any postback/callback to the server hack proof? A user
can open the source code look at it, but is there a way for him to
change it so it does what it isn't supose to do. For example,
you use the javascript to disable/enable buttons on an .aspx page.
Would it be easy for someone to change the javascript to decide which
buttons get enabled/disabled? I know you can use validation on
textboxes to prevent <script></script> to get ran on the client side,
is there any other way though? This is new to me so I look forward to
people's opinions on security for javascript. Thanks,

David
 
S

Scott M.

Any client-side code (HTML/JavaScript) can be viewed, changed and saved
locally on the client. So yes, someone could bypass client-side validation
of data and attempt to submit incorrect data, for example. This is why (in
the case of validation), you should always do a second, server-side,
validation of the data before processing it.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

JavaScript Challenge: Validating Email Addresses 1
New here, Javascript password protect site not working on mobile 3
My JSP/Javascript page looks differently on 2 different machines 0
Button enabling before all inputs are filled and disabling when all inputs are filled 1
client-side javascript mixed with postback 0
Javascript scroll to sections and also scroll to section but open relevant nav-tab 4
Making a client side script Server Side 47
FAQ Topic - How do I get a jsp/php variable into client-side javascript? (2010-05-03) 22

Members online

Total: 28 (members: 2, guests: 26)
Robots: 457

Forum statistics

Threads
473,767
Messages
2,569,572
Members
45,046
Latest member
Gavizuho

Latest Threads

Top