Question

As my website depends a lot on JavaScript, I would like to know: Is it possible for the user to edit .js files? Because this way they can delete condition checks and get access to stuff they shouldn't have, and mess up the whole site. What is the chance of something like this happening and how to avoid it?


Solution

No, the user cannot edit the JS files. They can, however, edit the JavaScript returned from said files and execute as much additional JavaScript as they wish within the browser. Anything you can do with JavaScript (in the browser), so can the client. This includes anything that is within a conditional that would have normally kept the user out of specific content that they aren't allowed to access.

Do not do security checks client-side, otherwise the client will be able to change said checks to gain access.
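The difference between a check done in the browser and one enforced on the server, as an added example that is not part of the original answers. The session store, function names and sample data are constructed for illustration.

```javascript
// Added example: all names and data below are constructed for illustration.
const SECRET_REPORT = 'Q3 payroll figures';

// Server-side session store (session id -> user record). Constructed sample ids;
// real session ids must be random and unguessable.
const sessions = new Map([
  ['sess-alice', { user: 'alice', isAdmin: true }],
  ['sess-bob', { user: 'bob', isAdmin: false }],
]);

// WEAK: the server sends the data to every visitor and trusts the page's
// script to hide it. The data has already left the server at this point.
function weakServerResponse() {
  return { report: SECRET_REPORT };
}

// This function stands in for code running in the browser. The user controls
// both clientState and the function body, so the condition protects nothing.
function weakClientRender(response, clientState) {
  return clientState.isAdmin ? response.report : 'Access denied';
}

// HARDENED: the server decides from its own session record and ignores any
// role or flag the client puts in the request.
function hardenedServerResponse(request) {
  const session = sessions.get(request.token);
  if (!session || !session.isAdmin) {
    return { status: 403, body: null };
  }
  return { status: 200, body: SECRET_REPORT };
}

// Bob is not an admin. He flips the flag in his own browser.
function demo() {
  const tamperedState = { isAdmin: true };
  return {
    weak: weakClientRender(weakServerResponse(), tamperedState),
    hardened: hardenedServerResponse({ token: 'sess-bob', isAdmin: true }),
    admin: hardenedServerResponse({ token: 'sess-alice' }),
  };
}

console.log(demo());
```

With the hardened handler, client-side checks can still be used to tidy the interface, but a tampered check only changes what the user's own page tries to display.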

OTHER TIPS

Yes. JavaScript executes in the browser, and a user can modify that on their own host. It's not sufficient to secure data purely in JavaScript.

As an example, most browsers come with developer tools that have a JavaScript console. You can use this to change values in JavaScript in the running site. In Chrome, this can be done by going to Tools -> JavaScript Console.

JS files are stored on the server side. Users can't modify them. Webmasters can modify them on their own host.

Another scenario: the JS file could be modified between the server side and its arrival in the user's browser. The network is hijacked.

In this situation, the most effective method is 'HTTPS'.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow