[英]Security Audit Issue [For Asp.Net WebForms] : Source code disclosed
This is javascript code , which is really common to be exposed/disclosed (*) simply because it is intended to be downloaded to the browser where it then runs.这是javascript 代码,它很容易被公开/披露 (*),因为它旨在下载到然后运行它的浏览器。 To label this a risk might seem abundant, although there could be some risk depending on what it is that you put in it.
对于 label 来说,这似乎是一个很大的风险,尽管可能存在一些风险,具体取决于您放入的内容。
The question is mainly: could this code be exploited, or could it be altered into something that is dangerous?问题主要是:这段代码可以被利用,还是可以被修改成危险的东西?
The answer is to not put secrets in it, and also to never rely on client-side- only logic and validation.答案是不要把秘密放在里面,也不要依赖客户端的逻辑和验证。 Always have a server side equivalent that enforces whatever rules need to be enforced, and use SSL/https so the connection is secure, and then you should be good.
始终有一个服务器端等效项来强制执行任何需要强制执行的规则,并使用 SSL/https 以确保连接安全,然后你应该会很好。
(*) just hit F12, go to tab Sources or Debugger, and you'll see it here as well (*) 只需按 F12、go 到选项卡 Sources 或 Debugger,您也会在此处看到
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.