1

I want to know how we can hide a function from the JavaScript console so that it can't be called from it.

To let you better understand the problem, suppose that I have a JavaScript function that adds some records on the database using Ajax, and anyone else can use this function from the console to add as many records as he wants on the database. I want the function to be called from the web application and not from the console... I tried to obfuscate the code to hide it but we can still find the function from Google Chrome JavaScript console.

11
  • 1
    You can obfuscate, as you have done, but no, you can't totally "hide" a client side function from the client side (you can make it secure, and idempotent and such, but that's in the implementation, unrelated). Commented Mar 4, 2013 at 1:30
  • No way, even if it would be possible, you can still simulate the request with a browser or specific tool. Commented Mar 4, 2013 at 1:32
  • 1
    There's no such thing as JavaScript security on the client. You need to implement any security measures on the server. Commented Mar 4, 2013 at 1:34
  • 1
    You shouldn't be able to run a function from the console if it's not accessible globally/publicly. Where's that function at? It could be as simple as just wrapping everything in an IIFE. Commented Mar 4, 2013 at 1:34
  • All anyone has to do is to look at what your AJAX call sends over the network and make their own javascript to send that ajax. You can't prevent this with obscurity. Commented Mar 4, 2013 at 1:35

1 Answer

5

No matter how much you obfuscate and hide your code, any JavaScript that can be executed on the client side can be executed in the console, and you should always be running permissions/security checks on the server side if you wish to have any real control over the security of such functions.

That being said, you can restructure your code inside an immediately invoked function expression, which will not be callable as easily from the console as usual, like so:

(function() {
    var myUncallableFunction = function() { alert('meow'); }
})();

The function myUncallableFunction will only be able to be called from within the parent function, as it is a local variable to that parent function and is therefore inaccessible outside of it.

You will still be able to call this function inside of that parent, however, like so:

(function() {
    var myUncallableFunction = function() { alert('meow'); }
    myUncallableFunction();
})();
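
An added example, not part of the original answer, of the server-side checks the answer and comments call for: the handler authenticates the session, validates input, makes replays idempotent and enforces a per-user quota, so it behaves the same whether the request comes from the page or from the console. All names (`createServer`, `addRecord`, `MAX_RECORDS_PER_USER`, the session ids) and the quota of 3 are assumptions.

```javascript
// Added example; every name and limit here is hypothetical.
const MAX_RECORDS_PER_USER = 3; // assumed per-user quota

function createServer(sessions) {
  const records = [];     // stands in for the database table
  const seen = new Map(); // idempotency key -> stored record

  // The server cannot tell page code from console code, so every decision
  // is keyed on the authenticated user, never on how the call was made.
  function addRecord(req) {
    const user = sessions.get(req.sessionId);
    if (!user) return { status: 401, error: 'not authenticated' };

    const { requestId, title } = req.body || {};
    const isText = (v, max) => typeof v === 'string' && v.length > 0 && v.length <= max;
    if (!isText(requestId, 64) || !isText(title, 100)) {
      return { status: 400, error: 'invalid input' };
    }

    // Idempotency: replaying the same request returns the stored record.
    const key = JSON.stringify([user, requestId]);
    if (seen.has(key)) return { status: 200, record: seen.get(key) };

    const owned = records.filter((r) => r.owner === user).length;
    if (owned >= MAX_RECORDS_PER_USER) return { status: 429, error: 'quota exceeded' };

    const record = { id: records.length + 1, owner: user, title };
    records.push(record);
    seen.set(key, record);
    return { status: 201, record };
  }
  return { addRecord, count: () => records.length };
}

// Constructed sample data: one valid session, then ten inserts in a loop,
// a replay of the first request, and a request with an unknown session id.
function demo() {
  const server = createServer(new Map([['sess-abc', 'alice']]));
  const send = (sessionId, requestId, title) =>
    server.addRecord({ sessionId, body: { requestId, title } }).status;
  const statuses = [];
  for (let i = 0; i < 10; i++) statuses.push(send('sess-abc', 'r' + i, 'row ' + i));
  const replay = send('sess-abc', 'r0', 'row 0');
  const anon = send('unknown', 'x', 'y');
  return { statuses, replay, anon, stored: server.count() };
}

console.log(demo());
```

In a real deployment the session lookup and the record store would be the application's own session middleware and database; the order of the checks is what carries over.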