# Chrome console security

## Recommended Posts

So I've been playing around with my site trying to send stuff to the server which isn't intended.  I noticed that Chrome console really lets you do what you want.  I can even redefine whole functions, glean into the inner-eds of my closures and then fire off stuff to the server that wasn't intended.   :unsure: However, I did notice that within a closure if a variable is not apart of the return function such as

var myfunction = (function (){
var a = 'ha!';
var b = 'boo!';

return function( x ){
console.log( b + ' ' + x );
};
};


Then 'a' is not actually retrievable by chrome console in any way shape or form.  is this true??

[EDIT]: please disregard this question.  I have learned that it is impossible to harden client script and prevent the client from sending malicious stuff to the server.  The objective is to harden the server.

Edited by Awoken

##### Share on other sites

First: yes, you cannot "harden" the client, because the user can write whatever code he wants and run it any way he wants.

Second: in JavaScript, a closure closes over (captures) all variables that it uses out of the lexical scope when it is defined. It doesn't have to be part of the return value; it just has to be used in the function for it to be captured (closed into the closure.)

## Create an account

Register a new account