cory_r — 2010-01-15T00:03:06-05:00 — #1
How do you protect your scripts that parse on a page from browser extensions, such as Firebug, where users can edit variables and other queries?
felgall — 2010-01-15T01:07:35-05:00 — #2
You can't because the browser owner has the final say. That's why any input you receive from the page needs to be validated on the server.
Anyway Firefox is the only browser to require an extension to fo that. Internet Explorer, Opera, Safari, and Chrome all have the functionality to fo that built in.
hosting24 — 2010-01-15T07:41:00-05:00 — #3
It's impossible to protect scripts from browser extensions. However, you can always secure your sites by using multiple checks for each form to make sure these "smart" guys won't be able to bypass site limits and restrictions.
felgall — 2010-01-15T14:11:08-05:00 — #4
It's impossible to protect scripts from browsers.
No extensions required.
alexdawson — 2010-01-19T07:48:02-05:00 — #5
More to the point, why would you want to protect your scripts? All it does is increase the workload on your server (verifying everything), increase the chances of theft (surprisingly if you try and protect your code, the "bad people" often see this as a challenge to rip your work apart and redistribute it) and it's pointless bulk being added to your scripts (as there's always a very simple way to override your code - the great thing about the web being open). Sorry to say it but it's pointless to try and control your users, at best the most you will achieve is punishing your legitimate users and leaving them the ones all the worse off.
cory_r — 2010-01-20T01:47:39-05:00 — #6
Thanks everyone for the support.
We decided that blocking browser extensions wasn't the best way to protect our cross-forum chat system, so we'll likely be resorting to a login system.