Securing JS variables?
Securing JS variables?
Is there anyway way to secure JS variables or make them harder to alter? I know you could obfuscate the code, but anything else to stop people from or even making it harder for them to find and change variables from console?
- a_bertrand
- Posts: 1536
- Joined: Mon Feb 25, 2013 1:46 pm
Re: Securing JS variables?
yes and no. As the code is there in front of everyone, you can't really do much. What you could do is create some "class" which stores your value plus like a 255-value or whatever calculation you want, and compare the 2. If they don't match, then somebody played with your variable.
Will that be safe? not really, as you can as well see that, and change both, or call the right function to modify it.
The only safe way to do it, is to make the calculation on the server side.
Will that be safe? not really, as you can as well see that, and change both, or call the right function to modify it.
The only safe way to do it, is to make the calculation on the server side.
Creator of Dot World Maker
Mad programmer and annoying composer
Mad programmer and annoying composer
Re: Securing JS variables?
A great way to secure js variables is to create them in a scope within a closure e.g.
Code: Select all
(function() {
var score = 0;
window.increaseScore = function() {
score++;
}
window.sendScore = function() {
window.sendScoreWithAJAX(score);
}
})()
increaseScore() // score = 1
increaseScore() // score = 2
sendScore()
console.log(score) // undefined
Orgullo Catracho
- a_bertrand
- Posts: 1536
- Joined: Mon Feb 25, 2013 1:46 pm
Re: Securing JS variables?
Not really, as you can easily but a breakpoint within the scope, and then modify the value live. Sure you can't easily change it just via the console... but still.
Creator of Dot World Maker
Mad programmer and annoying composer
Mad programmer and annoying composer
Re: Securing JS variables?
Well it adds a layer of security to that variable and makes the variable harder to alter so why not. Of course there's no unbreakable way to secure things in js. Most secure way of course would be making the calculations on server side.
Orgullo Catracho
Re: Securing JS variables?
Let`s be honest here, it`s impossible. Javascript is and will always be open. Publicly visible. There`s no way to secure it. You can obfuscate, you can hide it, but you can`t make it secure enough to rely on. Period.
As betrand said, if you need security, use a backend.
As betrand said, if you need security, use a backend.
- Jackolantern
- Posts: 10891
- Joined: Wed Jul 01, 2009 11:00 pm
Re: Securing JS variables?
Don't even bother. The only thing you can really accomplish is to give yourself a false sense of security to make some huge mistake
Minify your JS, since you should anyway for production. But the server should still treat every connection as a completely fraudulent hacked client until it can prove on its own that it is not.
Minify your JS, since you should anyway for production. But the server should still treat every connection as a completely fraudulent hacked client until it can prove on its own that it is not.
The indelible lord of tl;dr