Securing JS variables?

Need help with an engine or coding not on the list? Need help with a game or the website and forums here? Direct all questions here.
Post Reply
User avatar
Script47
Posts: 147
Joined: Thu Nov 21, 2013 6:11 pm

Securing JS variables?

Post by Script47 »

Is there anyway way to secure JS variables or make them harder to alter? I know you could obfuscate the code, but anything else to stop people from or even making it harder for them to find and change variables from console?
Top
User avatar
a_bertrand
Posts: 1536
Joined: Mon Feb 25, 2013 1:46 pm

Re: Securing JS variables?

Post by a_bertrand »

yes and no. As the code is there in front of everyone, you can't really do much. What you could do is create some "class" which stores your value plus like a 255-value or whatever calculation you want, and compare the 2. If they don't match, then somebody played with your variable.

Will that be safe? not really, as you can as well see that, and change both, or call the right function to modify it.

The only safe way to do it, is to make the calculation on the server side.
Creator of Dot World Maker
Mad programmer and annoying composer
Top
User avatar
Ark
Posts: 427
Joined: Wed Jun 01, 2011 10:25 pm

Re: Securing JS variables?

Post by Ark »

A great way to secure js variables is to create them in a scope within a closure e.g.

Code: Select all

(function() {
  var score = 0;
  window.increaseScore = function() {
    score++;
  }
  window.sendScore = function() {
    window.sendScoreWithAJAX(score);
  }
})()

increaseScore() // score = 1
increaseScore() // score = 2
sendScore()
console.log(score) // undefined
Orgullo Catracho
Top
User avatar
a_bertrand
Posts: 1536
Joined: Mon Feb 25, 2013 1:46 pm

Re: Securing JS variables?

Post by a_bertrand »

Not really, as you can easily but a breakpoint within the scope, and then modify the value live. Sure you can't easily change it just via the console... but still.
Creator of Dot World Maker
Mad programmer and annoying composer
Top
User avatar
Ark
Posts: 427
Joined: Wed Jun 01, 2011 10:25 pm

Re: Securing JS variables?

Post by Ark »

Well it adds a layer of security to that variable and makes the variable harder to alter so why not. Of course there's no unbreakable way to secure things in js. Most secure way of course would be making the calculations on server side.
Orgullo Catracho
Top
Xaleph
Posts: 897
Joined: Mon Feb 07, 2011 2:55 am

Re: Securing JS variables?

Post by Xaleph »

Let`s be honest here, it`s impossible. Javascript is and will always be open. Publicly visible. There`s no way to secure it. You can obfuscate, you can hide it, but you can`t make it secure enough to rely on. Period.

As betrand said, if you need security, use a backend.
Top
User avatar
Jackolantern
Posts: 10891
Joined: Wed Jul 01, 2009 11:00 pm

Re: Securing JS variables?

Post by Jackolantern »

Don't even bother. The only thing you can really accomplish is to give yourself a false sense of security to make some huge mistake :P

Minify your JS, since you should anyway for production. But the server should still treat every connection as a completely fraudulent hacked client until it can prove on its own that it is not.
The indelible lord of tl;dr
Top
Post Reply

Return to “Advanced Help and Support”