Modifying JavaScript on sites

1

How far can an end user modify and manipulate everything? As far as I know it's literally everything, but is there a way to avoid it? Or to guard against it, or simply prevent the JS from being edited by Firebug or something...

    
asked by anonymous 09.04.2015 / 04:17

3 answers

4

Basically there is nothing you can do. From the moment your software sends code to an unknown computer to run there, it is the prerogative of that machine to do whatever it wants with the code. It would not be fair to let a stranger execute code that he or she understands without the owner of the running environment being able to interfere.

There are some techniques that can make it difficult, but whoever wants to do it will do it. It is not worth the effort; it will certainly be ineffective, and any technique will be defeated with relative ease. At worst the user will not try because there is no value in doing so, which means that the protection attempt is innocuous.

One of these techniques is code obfuscation. If the code becomes too illegible it will be more difficult to modify it. If I were to do something like that, it would be this technique I would adopt. But I would be aware of its ineffectiveness.

And this is one of the biggest reasons to never trust anything that comes from a client.

    
09.04.2015 / 04:36
1

Yes, as far as I know you can play with JavaScript on a website; some browsers even provide a console for debugging your code (like Chrome). And there are a few ways to avoid it, but as they say, what is "safe" nowadays?

Method 1

I will be honest, I did not read the entire article, but even if it is very old, I believe that the method is still "usable" (otherwise, please let me know). Basically, instead of calling the script in the conventional way:

<script src="script.js"></script>

You call another file, which in this case is of type .asp and makes use of AJAX requests in order to hide the code. Article link: link

Method 2

I prefer this form because it also greatly speeds up the loading of the page. This method consists of using an obfuscator that compresses your code and leaves it unreadable, exchanging / encrypting (depending on which tool you use) much of the code. There are several online tools that do this for you:

Remember that, like I said, nothing is safe nowadays, especially when your code is exposed directly to anyone. That's why it's always important to be aware when creating a script and never put credentials in it (like database passwords); common sense is never too much.

If you would like to read more about the subject: link

    
09.04.2015 / 04:43
1

The user will always be able to use a proxy to intercept the communications with the server and modify them before the data reaches the browser. There is nothing you can do.

    
09.04.2015 / 20:43
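
The point made in the answers above (client code can be edited in the browser or rewritten by a proxy, so nothing the client sends can be trusted), as an added example that is not part of the original posts: a server-side function that recomputes every security-relevant value itself. The catalogue, the field names and `priceOrder` are hypothetical, and the sample payload is constructed.

```javascript
// Server-owned data (hypothetical catalogue): the browser never decides these.
const CATALOG = new Map([
  ["sku-100", { priceCents: 2500, maxPerOrder: 5 }],
  ["sku-200", { priceCents: 990, maxPerOrder: 20 }],
]);

// Validate and price an order using only server-side state.
// `body` is whatever arrived over the wire. It may have been edited in the
// dev tools or rewritten by an intercepting proxy, so every field is untrusted.
// `session` comes from the server's own session store, not from the request body.
function priceOrder(body, session) {
  if (!session || typeof session.userId !== "string") {
    return { ok: false, error: "not authenticated" };
  }
  if (body === null || typeof body !== "object" || !Array.isArray(body.items)) {
    return { ok: false, error: "malformed body" };
  }
  if (body.items.length === 0 || body.items.length > 50) {
    return { ok: false, error: "invalid item count" };
  }
  let totalCents = 0;
  const lines = [];
  for (const item of body.items) {
    const product =
      item && typeof item.sku === "string" ? CATALOG.get(item.sku) : undefined;
    if (!product) return { ok: false, error: "unknown sku" };
    // Repeat on the server every check the page's JavaScript was meant to do.
    const qty = item.qty;
    if (!Number.isInteger(qty) || qty < 1 || qty > product.maxPerOrder) {
      return { ok: false, error: "invalid quantity" };
    }
    // item.priceCents, body.total and body.userId are deliberately ignored:
    // price comes from the catalogue, identity from the session.
    totalCents += product.priceCents * qty;
    lines.push({ sku: item.sku, qty, priceCents: product.priceCents });
  }
  return { ok: true, userId: session.userId, lines, totalCents };
}

// Constructed sample: a payload whose price, total and user were tampered with.
const tampered = {
  userId: "someone-else",
  total: 1,
  items: [{ sku: "sku-100", qty: 2, priceCents: 1 }],
};
console.log(priceOrder(tampered, { userId: "u1" }));
```
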