Is it possible to send javascript code to a user's browser securely?
Question
Is it possible to send javascript code to a client, and have it send back information to a server, without the user being able to intercept it, see it, or alter it. As far as I know this is not possible, but I am unsure about certain realtime protocols like socket/ajax. Could somebody intercept a web socket?
If this is not possible, is there a clever solution to verify that the code was not altered, or at least make it more difficult for the code to be altered? Perhaps Dom Mutation-Events? What about obfuscating certain sensitive parts of the code/data?
ie: How does Google Analytics know that a given user has not created false data?
1 answers
solution1
2 ACCPTED 2016-04-15 09:56:41
No.
Anything client-side is up for grabs and can be read, stolen or changed.
Never trust anything the client sends to your server. Even if generated by client-side code, the client-side code could have been altered meaning the data is unreliable. Even Flash can be decompiled, or the requests sent through the host browser can be manipulated.
The trust level only extends to the fact that you can reasonably expect data not to have been altered in transit when HTTPS is used (of course caveats apply). This is only a trust relationship between the user and server though, so does not account for malicious users of your application or if the user has been compromised.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.