Kiosk mode for Websites
Question
Some of the secure websites on internet such as banks etc. have disabled "Right-click". I know that it's just for preventing the end-user from accessing "Inspect Element" or the "Toolbox" items. But, on some browsers, just pressing F12 key, or any equivalent might does the job.
So, Is there any way to check the webpage for change in code(HTML,CSS and JS) continously, and redirect them to a warning page, if anyone attempts to tamper the code? or just prevent them before they even try to read the code?
3 answers
solution1
1 2015-12-13 06:52:35
I agree with jeff in the comments above; don't worry about those users because you'll never get security tight enough to thwart everyone. Just worry about the 99%. If anyone says they can prevent all users from modifying browser code it is a lie.
Do your actual processing and logic on the server side, not in browser, and NEVER trust ANYTHING they send you. Assume it is a lie or garbage until you validate otherwise.
solution2
1 ACCPTED 2015-12-13 07:08:43
Disabling right-click is the absolute easiest thing to work around. You can never completely rely on a web browser to secure your content. Additionally, most, if not all, major modern web browsers have built in protection against cross-site scripting. These browsers are likely going to be better at detecting these than you are. I would actually suspect any Javascript attempt you make to prevent cross site scripting could actually make your page more vulnerable to it.
Some things you could look into to make your web server safer:
- When using forms, consider using an anti-forgery token .
- Always validate user input. Your web server sends messages to a client computer which then loads that content into a web browser. A good hacker doesn't even need a web browser to hack your web site. So, you can't assume incoming messages are safe at all. This is why you need to validate all input.
- Consider creating honeypots to detect malicious attempts by robots or hackers.
solution3
0 2015-12-13 06:42:05
Likely no, because that action(starting inspector) occur on different layer of browser functionality, html and javascript simply has no access to that layer. As result it's impossible to prevent that action ( viewing html and javascript of page).
If you would lock all possible actions which open js inspector. I am sure that there ways to lock your event bindings, for instance executing js code prior youth, which make it's impossible to add your own lockers for F12, right click and other actions.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.