• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Prevent client-side modifications

 
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Are there any ways to prevent the execution of code that has been modified by the client ? Or at least to cope with them ?

Maybe there are tools to obfuscate & checksum javaScript code ?
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
JavaScript minimizer
 
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is no way to prevent the user from modifying your code on the client.

Serverside validation is important.

Eric
 
Ranch Hand
Posts: 198
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Bear Bibeault , I always had this question: will minimizing js help as a 'checksum' for the js code?
 
Eric Pascarello
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tina Ma wrote:Bear Bibeault , I always had this question: will minimizing js help as a 'checksum' for the js code?



checksum for what?

Eric
 
Tina Ma
Ranch Hand
Posts: 198
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I used the word checksum referring to Jan Goyvaerts's original post. Now, I meant to use that word as a way of expressing "security and/or prevention of hacking" of the javascript code.
 
Eric Pascarello
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is no way to use that information with the client to make sure that no one messed with the code.

JavaScript is like trusting the valet with your car. You hope that the time when you hand it off to the time you get back into your car that they did not do anything with it. They could have gone through the glove box, trunk, or looked under your hood. You can do preventable stuff, but there is nothing you can do to make sure it is 100% safe other than never using a valet. [aka never serving that JavaScript to the user.]

What are you trying to protect? Maybe there is a better way of "securing" the logic you are trying to hide.

Eric
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic