Awoken

Chrome console security


So I've been playing around with my site trying to send stuff to the server which isn't intended. I noticed that Chrome console really lets you do what you want. I can even redefine whole functions, glean into the innards of my closures and then fire off stuff to the server that wasn't intended. :unsure: However, I did notice that within a closure, if a variable is not a part of the return function, such as

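var myfunction = (function () {
   var a = 'ha!';   // never referenced by the returned function
   var b = 'boo!';  // referenced below by the returned function

   return function (x) {
      console.log(b + ' ' + x);
   };
})();  // invoke immediately so that myfunction is the inner function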

Then 'a' is not actually retrievable by Chrome console in any way, shape or form. Is this true?

[EDIT]: please disregard this question.  I have learned that it is impossible to harden client script and prevent the client from sending malicious stuff to the server.  The objective is to harden the server.

Edited by Awoken


First: yes, you cannot "harden" the client, because the user can write whatever code he wants and run it any way he wants.

Second: in JavaScript, a closure closes over (captures) all variables that it uses out of the lexical scope when it is defined. It doesn't have to be part of the return value; it just has to be used in the function for it to be captured (closed into the closure.)

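The conclusion of this thread, harden the server rather than the client script, shown as an added example that is not code from either poster. `handleBuy`, `PRICES` and the session shape are hypothetical names for a small shop endpoint; the handler treats every field of the incoming message as something a user could have typed into the console.

```javascript
// Added example: hypothetical server-side handler (all names are assumptions).
// Everything in `raw` is user-controlled: the console can call any function
// or build any payload, so the server re-derives and re-checks all of it.
const PRICES = Object.freeze({ sword: 50, shield: 30 }); // server-side truth

function handleBuy(session, raw) {
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch {
    return { ok: false, error: 'malformed JSON' };
  }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) {
    return { ok: false, error: 'payload must be an object' };
  }
  const { item, qty } = msg;
  // Allow-list lookup; the own-property check rejects keys such as "__proto__".
  if (typeof item !== 'string' ||
      !Object.prototype.hasOwnProperty.call(PRICES, item)) {
    return { ok: false, error: 'unknown item' };
  }
  // Reject floats, negatives, strings, NaN and oversized counts.
  if (!Number.isInteger(qty) || qty < 1 || qty > 99) {
    return { ok: false, error: 'bad quantity' };
  }
  // Price and buyer come from server state, never from msg.price or msg.playerId.
  const cost = PRICES[item] * qty;
  if (cost > session.gold) {
    return { ok: false, error: 'insufficient gold' };
  }
  session.gold -= cost;
  session.inventory[item] = (session.inventory[item] || 0) + qty;
  return { ok: true, gold: session.gold };
}

// Constructed sample session and messages.
const session = { playerId: 7, gold: 100, inventory: {} };
console.log(handleBuy(session, '{"item":"sword","qty":1,"price":0,"playerId":1}'));
console.log(handleBuy(session, '{"item":"sword","qty":-5}'));
console.log(handleBuy(session, '{"item":"__proto__","qty":1}'));
```

The extra `price` and `playerId` fields in the first message are ignored because the handler never reads them; the purchase is charged at the server's own price against the server's own session.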
