security - JavaScript, disable breakpoints -
in order secure spa, need way disable js breakpoints.
currently, i'm still able add together runtime breakpoints chrome devtool , alter variable value of objects. not in console in runtime.
if attacker able alter attributes value of app objects application compromised.
do have suggestion prevent behaviour?
the best insert in js:
console.ignorebreakpoints();
as practical measure, can seek create more hard through code minifying or otherwise obfuscating javascript before sending client. cannot rely on any client-side behavior secure website. security checks must re-checked server-side.
even if there way instruct chrome not allow people dev tools (and there isn't), users still alter values in browser various other tools on computer. or compile own custom version of browser. or send server bad information, without running client-side code @ all.
javascript security google-chrome-devtools backbone-model
No comments:
Post a Comment