如何prevent用户在调试模式去与他们的浏览器 [英] How to prevent users to go in debug mode with their browser
问题描述
这听起来很傻,但作为一个开发者,我使用Chrome的调试器,每天来测试我的Web应用程序,不过虽然这些工具对于我们开发商有价值的,它也可能对我们的用户是如何使用的要与我们的系统混乱。
This might sound silly, but as a developer, I'm using the debugger in Chrome every day to test my web applications, but although these tools are valuable for us developers, it might also be used against us by users how wants to mess with our systems.
您可能知道,这是很容易,使用调试器,重新启用一个按钮,这是previously设置为禁用或更改隐藏标签或变量的值。然后,它会很容易地张贴不能假设的形式发送,使用伪造的值...
You probably know that it is fairly easy, using the debugger, to re-enable a button that was previously set to disabled, or change the value of hidden tags or variables. It would then be easy to post a form that is not suppose to be sent, with forged values...
难道是一种方法,prevent时,显示在生产环境中你的页面中使用的所有debbugging工具?
Would it be a way to prevent all debbugging tools to be used when your page is displayed in production environment?
某种meta标签可以添加到网页,还是其他什么东西?
Some sort of meta tags that could be added to the web page, or something else?
我知道我可以抢我的JS脚本,但是否有其他方法吗?
I know I could scramble my JS scripts but is there any other ways?
感谢
推荐答案
没有,这是不可能的。正如约翰·孔德说,你应该使用服务器端验证,以防止无效的输入。即使没有调试为你给他们打电话时,用户可以随时GET / POST请求(用虚假数据),以您的表单提交网址。
No, this is not possible. As John Conde said you should use server-side validation to protect against invalid input. Even without a "debugger" as you call them, a user can always GET/POST a request (with bogus data) to your form submission URL.
这篇关于如何prevent用户在调试模式去与他们的浏览器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
