检查javascript的完整性,用户代码=服务器代码
[英]Checking integrity of javascript, user code=server code
问题描述
有没有办法验证用户在使用客户端页面时是否使用Firebug更改了jQuery / JavaScript?
3 个解决方案
解决方案1
4 2012-09-19 10:07:44
No, there is no way to verify this. 
不,没有办法验证这一点。
When it comes to input from the browser, you should always verify and validate. 说到浏览器的输入,您应该始终验证并验证。 Never trust the client . 永远不要相信客户 。
解决方案2
1 2012-09-19 10:07:47
不。客户从根本上说不安全,属于用户,而不属于您。
解决方案3
0 2012-09-19 16:21:40
Short answer it doesn't matter. 简短的回答没关系。
Long answer: 答案很长:
It matters if you are treating the JavaScript as part of your application structure, similar to how a SQL injection attack does bad things to your system. 如果您将JavaScript视为应用程序结构的一部分,那就很重要了,类似于SQL注入攻击对系统造成不良影响的方式。 You should validate that anything that gets passed from the client is sanitized before being stored. 您应该验证从客户端传递的任何内容在存储之前都要进行清理。 The interesting attack vector here is if you allow me to persist elements into the structure of the web page and retrieve them at a later time. 这里有趣的攻击向量是你允许我将元素保存到网页结构中并在以后检索它们。 You have opened the doors to a reflected XSS attack (one of my favorites). 你已经打开了反射XSS攻击的大门(我最喜欢的一个)。 This is indicative of a failure to sanitize user input and/or a failure to separate concerns UI from the system level code. 这表示未能清理用户输入和/或未能将关注UI与系统级代码分开。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.