在 chrome 控制台或 firefox 控制台中使用我网站上的功能?
[英]Using functions from my website in chrome console or firefox console?
问题描述
I have a webpage up and running that has two js files with a bunch of functions.
我有一个网页正在运行,它有两个带有一堆功能的 js 文件。 My HTML code loads these scripts as modules on startup.我的 HTML 代码在启动时将这些脚本作为模块加载。 Problem is that i have a function called "showAdminTools()" and im afraid that this functions perhaps can be accessed through the chrome dev tools by non admins?问题是我有一个名为“showAdminTools()”的 function,恐怕非管理员可以通过 chrome 开发工具访问此功能?
3 个解决方案
解决方案1
2 2020-04-09 11:22:39
If the user isn't an admin, then don't send anything to their browser which should only be available to admins.如果用户不是管理员,则不要向他们的浏览器发送任何内容,这些内容应该只对管理员可用。
If the script is sensitive, then put it behind Authn/Authz and don't include it in a <script> if the user isn't an admin.如果脚本很敏感,则将其放在 Authn/Authz 后面,如果用户不是管理员,则不要将其包含在<script>中。
解决方案2
1 已采纳 2020-04-09 11:22:46
Yes everyone can access them with the console.是的,每个人都可以通过控制台访问它们。
解决方案3
0 2020-04-09 11:34:27
Actually im stupid, i already have server side code that prevents requests from client unless the user already is admin, so it does not matter if they can go into admin tools or not, any request from the admin tools page will be denied by server...实际上我很愚蠢,我已经有服务器端代码阻止来自客户端的请求,除非用户已经是管理员,所以不管他们是否可以 go 进入管理工具,来自管理工具页面的任何请求都将被服务器拒绝。 ..
SORRY FOR WASTING TIME抱歉浪费时间
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.