Securing client-side javascript

Discussion in 'ASP .Net Security' started by davidr@sharpesoft.com, Aug 2, 2006.

  1. Guest

    I have a question. Is JavaScript that is run 100% on the client side
    and never does any postback/callback to the server hack-proof? A user
    can open the source code and look at it, but is there a way for him to
    change it so it does what it isn't supposed to do? For example,
    you use the JavaScript to disable/enable buttons on an .aspx page.
    Would it be easy for someone to change the JavaScript to decide which
    buttons get enabled/disabled? I know you can use validation on
    textboxes to prevent <script></script> from being run on the client side;
    is there any other way, though? This is new to me, so I look forward to
    people's opinions on security for JavaScript. Thanks,

    David
     
    , Aug 2, 2006
    #1

  2. Scott M. Guest

    Any client-side code (HTML/JavaScript) can be viewed, changed and saved
    locally on the client. So yes, someone could bypass client-side validation
    of data and attempt to submit incorrect data, for example. This is why (in
    the case of validation), you should always do a second, server-side,
    validation of the data before processing it.


    <> wrote in message
    news:...
    > I have a question. Is JavaScript that is run 100% on the client side
    > and never does any postback/callback to the server hack-proof? A user
    > can open the source code and look at it, but is there a way for him to
    > change it so it does what it isn't supposed to do? For example,
    > you use the JavaScript to disable/enable buttons on an .aspx page.
    > Would it be easy for someone to change the JavaScript to decide which
    > buttons get enabled/disabled? I know you can use validation on
    > textboxes to prevent <script></script> from being run on the client side;
    > is there any other way, though? This is new to me, so I look forward to
    > people's opinions on security for JavaScript. Thanks,
    >
    > David
    >
     
    Scott M., Aug 2, 2006
    #2
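
The server-side second check described in the answer above, as an added example that is not part of either post: a form handler that re-checks on the server both the rule the page's script uses to enable or disable buttons and the text field's validation. Every name and the sample data are hypothetical, and plain JavaScript is used so the sketch runs without an ASP.NET project.

```javascript
// Added example, not code from the thread. All names are hypothetical.
// Which actions each order status permits. The page's script may use the same
// rule to grey out buttons, but only this server-side copy is enforced.
const ALLOWED_ACTIONS = {
  draft: ["save", "submit"],
  submitted: ["cancel"],
  shipped: [],
};

// Constructed sample data standing in for a database.
const ORDERS = new Map([
  [1, { owner: "alice", status: "draft" }],
  [2, { owner: "alice", status: "shipped" }],
]);

// Validate the comment field on the server, whatever the client validators did.
function validateComment(value) {
  if (typeof value !== "string") return "comment must be a string";
  if (value.length === 0 || value.length > 200) return "comment must be 1-200 chars";
  return null;
}

// HTML-encode on output, so markup in submitted text is displayed, not run.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Handle a posted form. `user` comes from the server session, never the form.
function handlePost(user, form) {
  const order = ORDERS.get(Number(form.orderId));
  if (!order || order.owner !== user) return { status: 404, error: "no such order" };
  // The button may have been disabled in the page; check the rule again here.
  if (!ALLOWED_ACTIONS[order.status].includes(form.action)) {
    return { status: 403, error: "action not allowed in this state" };
  }
  const problem = validateComment(form.comment);
  if (problem) return { status: 400, error: problem };
  return { status: 200, echo: htmlEncode(form.comment) };
}
```

The client-side button state and validators then serve only as a convenience for the user; the decision is made from server-held state.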