
Chrome console security


So I've been playing around with my site, trying to send stuff to the server which isn't intended. I noticed that the Chrome console really lets you do what you want. I can even redefine whole functions, glean into the innards of my closures and then fire off stuff to the server that wasn't intended. However, I did notice that within a closure, if a variable is not a part of the return function, such as

var myfunction = (function (){
   var a = 'ha!';   // not referenced by the returned function
   var b = 'boo!';  // referenced by the returned function

   return function( x ){
      console.log( b + ' ' + x );
   };
})();

Then 'a' is not actually retrievable by the Chrome console in any way, shape or form. Is this true?

[EDIT]: please disregard this question.  I have learned that it is impossible to harden client script and prevent the client from sending malicious stuff to the server.  The objective is to harden the server.

Edited by Awoken


First: yes, you cannot "harden" the client, because the user can write whatever code he wants and run it any way he wants.

Second: in JavaScript, a closure closes over (captures) all variables that it uses out of the lexical scope when it is defined. It doesn't have to be part of the return value; it just has to be used in the function for it to be captured (closed into the closure.)

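The conclusion the thread reaches (the client can send anything, so the server must check everything) can be shown as a server-side handler. This is an added example, not code from either poster; the purchase message, the `accounts` store, the price table and the function name `handlePurchase` are all hypothetical.

```javascript
// Added example: hypothetical server-side handler. All names, rules and
// sample data below are constructed for illustration.

// Authoritative state lives on the server, keyed by the authenticated session,
// never by anything the request body claims about the user.
const accounts = new Map([['session-abc', { userId: 7, gold: 100 }]]);

// Prices come from the server's own table, not from the client.
const PRICES = { sword: 60, shield: 40 };

function handlePurchase(sessionId, rawBody) {
  const account = accounts.get(sessionId);
  if (!account) return { ok: false, error: 'not authenticated' };

  let msg;
  try {
    msg = JSON.parse(rawBody);
  } catch {
    return { ok: false, error: 'malformed JSON' };
  }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) {
    return { ok: false, error: 'bad request shape' };
  }
  // Own-property check so inherited keys such as "constructor" are rejected.
  if (typeof msg.item !== 'string' ||
      !Object.prototype.hasOwnProperty.call(PRICES, msg.item)) {
    return { ok: false, error: 'unknown item' };
  }
  // Reject non-integers, negatives (which would add gold) and huge values.
  if (!Number.isInteger(msg.qty) || msg.qty < 1 || msg.qty > 10) {
    return { ok: false, error: 'bad quantity' };
  }
  // Any client-supplied "price" or "gold" field is simply never read.
  const cost = PRICES[msg.item] * msg.qty;
  if (cost > account.gold) return { ok: false, error: 'insufficient gold' };

  account.gold -= cost;
  return { ok: true, gold: account.gold };
}
```

Whatever a user redefines in the console, the only thing that reaches this function is a session identifier and a string, and every rule is re-checked against server-held state.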