获取javascript中函数的长度

发布于 2024-11-08 11:31:27 字数 506 浏览 4 评论 0原文

我正在使用nodejs和nowjs。我想获取调用服务器上函数的函数的主体长度并检查它是否相同。防止用户操纵客户端功能。并且可能排除可能改变的变量。有没有办法在 JavaScript 中做到这一点?

例如

客户端

now.sendMessage() {
    //Some code...
}

服务器

everyone.now.sendMessage() {
    //Check that the code is the exact length 
    //as the function body written in the clientside script
    //To see if it has been manipulated...
    if (codelength === ?) {
        //execute code
    } else {
       //return error
    }
}

I'm using nodejs and nowjs. I want to get the body length of the function that is calling the function on the server and check if it is the same. To prevent users from manipulating the client side function. And possibly excluding variables that may change. Is there a way to do this in javascript?

eg

client

now.sendMessage() {
    //Some code...
}

server

everyone.now.sendMessage() {
    //Check that the code is the exact length 
    //as the function body written in the clientside script
    //To see if it has been manipulated...
    if (codelength === ?) {
        //execute code
    } else {
       //return error
    }
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

彻夜缠绵 2024-11-15 11:31:27

可以这样做:http://jsfiddle.net/RsrCB/1/

但在实践中,它并不可靠。由于多种原因,无法检查 JavaScript 代码的完整性:

  • 很容易对其进行混淆
  • 很容易覆盖完整性检查代码

It can be done: http://jsfiddle.net/RsrCB/1/.

But in practice, it's not reliable. JavaScript code can't be checked for integrity for several reasons:

  • It's easy to obfuscate it
  • It's easy to override the integrity-checking code
空袭的梦i 2024-11-15 11:31:27

尝试一下:

   var codelength =  (String(yourfunction_name).length);

有了这些知识,您还可以计算函数体的一些哈希值并进行比较。

Try this:

   var codelength =  (String(yourfunction_name).length);

With that knowledge you can also calculate some hash over the body of the function and compare those.

婴鹅 2024-11-15 11:31:27

你现在的使用是错误的。您不能信任该用户。

现在,您只需在客户端定义过程并使用一些数据调用它们即可。您不会像这样传递敏感数据。

您发送给客户端的任何数据都属于客户端,您无法屏蔽劫持。

现在在底层使用 websockets 或 XHR。您只需通过套接字向客户端发送数据,它就可以被拦截。

Your using now wrong. You cannot trust the user.

With now you just define procedures on the client and call them with some data. You do not pass sensitive data like this.

Any data you send to the client belongs to the client, you cannot shield against hijacking.

now uses websockets or XHR underneath. Your simply sending data to a client on a socket, it can be intercepted.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文