Shoe Shoe - 19 days ago 5
Javascript Question

Security questions about cookies and javascript

Ok, i have always wondered if these 2 actions are possible:


  1. To manipulate cookies. I mean, if i login for example into facebook it will save a cookie in my browser. Could i edit it in anyway? I think so since it is set into MY browser and not set locally.

  2. To manipulare a javascript script. I mean, since javascript is read by the browser and every user can read the language, could it be edited? For example, let's say i have an ajax call that send data strings like
    user=basic
    or something (it's just an example), could someone change it to
    user=admin
    ?



I hope this kind of things are not possible or i am pretty much f****d!

Answer

In that case, I'm sorry to say you are pretty much f****d.

You must always assume that everything on the client side can be manipulated by some evil hacker. This includes cookies and JavaScript.

Firefox makes this extra easy, using the Edit Cookies extension for cookies, and Firebug to edit JavaScript (and HTML and CSS).