View Full Version : JavaScript + Security + Firebug



kdd
February 20th, 2008, 03:22 AM
So, in Firebug you can see all your JavaScript variables and whatnot. From the DOM tab, I can even change a JavaScript variable's value. But does the change really take effect?

Is there any other way to change javascript variables? Is it a good idea to have javascript variables that might store (sort of) secure data?

Thanks! :)

Edit: Yup, changing value from within firebug does have an effect on how your page will behave.

So, what's a good practice to store secure variables in javascript? By secure, I don't mean credit card #, just some id or something.

kdd
February 20th, 2008, 07:54 PM
phorty-two views and jero replies?

I'd appreciate some help guys. :)

Thanks in advance!

Templarian
February 20th, 2008, 08:22 PM
When you say store... you mean a COOKIE?

... if it's really really precious then you need to use a session and store the really important data on the server.

kdd
February 20th, 2008, 09:23 PM
Storing as in a variable. Any way to, I guess, hide variables?

(Like in firebug you can see all the javascript variables).

icio
February 21st, 2008, 05:16 AM
It's possible to do this even without firebug. If you don't want people to see/change it, don't do it in javascript.

Edit: If you still want to use javascript, just make sure your back-end is secure enough to hold out with tampering.

evildrummer
February 21st, 2008, 05:27 AM
Ummm.... put it through some sort of key type thing. As in, encode it.

Gundark
February 21st, 2008, 12:25 PM
The problem with using javascript to encrypt any data (two-way not a one-way hash) is how do you hide the key?

So for anything "secure" you're gonna need something server side.

kdd
February 21st, 2008, 02:50 PM
Got you guys, thanks! :)

Yeah, I don't think there's any other way. I mean, js will always be visible, after all, it'll be on a client's side...


"If you still want to use javascript, just make sure your back-end is secure enough to hold out with tampering."
Yup, very well said!
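
The server-side session approach suggested in the thread, as an added example that is not part of the original posts: a handler that trusts an id sent by the page's JavaScript, beside one that looks the id up from a session kept on the server. The in-memory "server", the function names and the order data are all constructed for illustration.

```javascript
// Added example: constructed in-memory "server"; all names are hypothetical.
const crypto = require("crypto");

// Server-side state: never sent to the browser.
const sessions = new Map();                          // sessionId -> { userId }
const orders = { 7: ["order-A"], 8: ["order-B"] };   // constructed sample data

// Login: the server decides the user id and keeps it. The client only gets
// an unguessable random session id (normally delivered as a cookie).
function login(userId) {
  const sessionId = crypto.randomBytes(16).toString("hex");
  sessions.set(sessionId, { userId });
  return sessionId;
}

// Weak handler: trusts the id the page's JavaScript sends back, so editing
// that variable in Firebug changes whose data is returned.
function listOrdersTrustingClient(request) {
  return { status: 200, orders: orders[request.userId] || [] };
}

// Hardened handler: ignores any client-supplied id and resolves the user
// from the session stored on the server.
function listOrdersFromSession(request) {
  const session = sessions.get(request.sessionId);
  if (!session) return { status: 401, orders: [] };
  return { status: 200, orders: orders[session.userId] || [] };
}

// Simulated browser: user 7 logs in, then the userId variable is edited to 8.
function demo() {
  const sessionId = login(7);
  const tampered = { sessionId, userId: 8 };         // value changed in the DOM tab
  const unknown = { sessionId: "0".repeat(32), userId: 8 };
  return {
    weak: listOrdersTrustingClient(tampered),        // returns user 8's orders
    hardened: listOrdersFromSession(tampered),       // still user 7's orders
    noSession: listOrdersFromSession(unknown),       // rejected with 401
  };
}

console.log(demo());
```
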