Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I realize that we can view the JS code in the browser via Inspect element > source or the like. For example, I have following code and it can be view under “source”.
$.ajax({
url: baseUrl + 'location/insert_user_location',
type: "post",
data: {address:address,lat:lat,lng:lng,acc:acc},
}).done(function(){
getUserLocation();
});
Is this insecure, or does it even matter?
No, it’s not insecure, because your
location/insert_user_locationURI is correctly secured on the server side, right? For the same reason you should not trust client-side form validation and always perform the same validation on the server side.There is no way to “hide” JavaScript on the client side. No matter how deeply it’s hidden and how well obfuscated, hacker will always be able to analyze it.