How to disallow to change variable by using Developer tools

StackOverflow https://stackoverflow.com/questions/17989732

Question

I try to disallow user to change my javascript variables by using Developer tools like Firebug

enter image description here

My script so simple like..

var a = 1;
$('button').on('click',function(){
   $('div').html(a);
});

My site allowed to change variables by Firebug, WHY ?

After I did a demo on Fiddle (http://jsfiddle.net/RjQTp/), That I just to know why Fiddle CANT change variables by Firebug.

Can someone expain me pls...

Was it helpful?

Solution

Javascript runs on the client, and many browsers allow you to change javascripts, not just the variable values, but also inserting or deleting lines etc...

For this reason, you should always sanitize incoming data on the server side, even if it is coming from your own website.. In general, you should only consider javascript as a means to improve the UI and user's experience, but never as a means to validate, secure pages or do important business logic.

There are some handy functions included in PHP for handling variable validation

OTHER TIPS

They can change it because it's running on their system, with their rules.

The only way to fight back is to test for changes with your actively running scripts.

I've used a system that declared each variable three times and tested my variables twice a second for changes to any set. Then it changes and discrepancies back to the other two.

But... They could still break my anti-cheat script with their dev tools.

Object.defineProperty(window,'a',{
  value: "test",
  enumerable: true
});

The code above i think, maybe makes it impossible to change, or at least very hard for anyone of my level at least. I just learned about this stuff a month ago. You know early javascript. Only way to overcome this is by deleting window object but if you do that you delete everything. If you are able to do that.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top