英文:
How to prevent data shown in dev tool chrome in production env
问题
如果我在Chrome的开发者工具中进入Network选项卡并勾选Fetch/XHR,我可以看到从服务器接收到的数据。嗯,以下是来自生产环境的屏幕截图 :).
请指导/建议。
我已经在Ionic/Angular中开发了我的应用程序。
英文:
If I go to devtools in chrome and go to Network tab and check Fetch/XHR , I can see data received from server. Well , following screen shot is from prod env :).
Kindly guide/advice.
I have developed my application in ionic/angular.
答案1
得分: 3
Short answer: 你不能。
Long answer: 通过HTTP(S)通信提供给客户端应用程序的数据将始终对最终用户可见。客户端应用程序无法提供数据的安全性。如果有任何不应被最终用户访问的数据,您必须在服务器上实施安全措施,而不是在客户端上。服务器必须仅提供用户有权限访问的数据。开发工具仅是显示数据的便捷方式,但用户仍可以通过其他方式访问数据 - 实际上,您向他们发送了数据,因此应视为可见。
英文:
Short answer: You can't.
Long answer: Data you provide to the client application through HTTP(S) communication will always be visible to the end user. Client application cannot provide security of the data. If there's any data that should not be accessed by the end user, you have to implement the security measure on the server, not the client. Server must provide only the data the user is authorised to access. Devtools is only a convenient way to display the data, which the user still have access to by other means - you basically send the data to them, therefore consider them visible.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论