0
Follows the code:
Html5:
<button id="btnSave" data-id="1">Save Click</button>
JS:
$(document).ready(function() {
$("#btnSave").click(function(e) {
AlertSave($(this).data("id"));
});
});
function AlertSave(a) {
alert(a);
}
If you prefer in jsfiddle: http://jsfiddle.net/h4JXs/5316/
I want to keep the value data-id so that it is not changed in the f12 (inspector of elements).
Some solution ?
2
Preventing the data from being altered is hopeless. It may not even be a browser that accesses your site, it may be a bot, it may be a script in some programming language created to simulate being a browser, but that completely ignores Javascript, and whose purpose is to cheat your site. In short, you can have absolutely no illusion of control over what happens on the other side of the network cable.
If you want to store a value on a page, and you want that value sent back without change, you need to digitally sign that value on the server, save it with the signature on the page, and when you get the value back on the server, verify the digital signature to determine whether or not it has been altered. This way you can’t prevent the value from being changed, but you have the guarantee (of the digital signature algorithm) that you will discover if the data has been changed.
This is one of the ways the web framework Django uses to record cookies securely.
Browser other questions tagged javascript html5
You are not signed in. Login or sign up in order to post.
You can try to hinder access to browser debugging tools, but block definitely, no ha.
– MarceloBoni
Suppose the hacker can’t change the value in F12 mode, but he changes the request in transit, using some firewall rule that he specifically configured to cover up his site. You got a way to fix that, too? It seems to me that you want the client’s computer, running code completely unknown to you, totally out of your control, ensure the security of your application. That is simply impossible.
– lvella
If it is in front-end, it will be possible to change it :/
– BrTkCa
@Lucascosta, I understand, thank you for answering
– Matheus Miranda
@Ivella, the safest is by the database ? Type, select and check if there is this value ...
– Matheus Miranda
From the moment the information is transitioned to the client side, again, the most you can do is hinder access, block modification of it is impossible. If you want to validate anything, the best way is on the server side
– MarceloBoni
@Matheusmiranda I don’t know what you’re trying to do, but checking the value in the database doesn’t seem like a good idea at first. An attacker could use this to try and determine, in trial and error, the contents of your database, for example. But you can’t answer without understanding the problem better.
– lvella