如何在生产环境中防止数据显示在Chrome开发工具中

huangapple go评论84阅读模式
英文:

How to prevent data shown in dev tool chrome in production env

问题

如果我在Chrome的开发者工具中进入Network选项卡并勾选Fetch/XHR,我可以看到从服务器接收到的数据。嗯,以下是来自生产环境的屏幕截图 :).

请指导/建议。

我已经在Ionic/Angular中开发了我的应用程序。

英文:

如何在生产环境中防止数据显示在Chrome开发工具中

If I go to devtools in chrome and go to Network tab and check Fetch/XHR , I can see data received from server. Well , following screen shot is from prod env :).

Kindly guide/advice.

I have developed my application in ionic/angular.

答案1

得分: 3

Short answer: 你不能。

Long answer: 通过HTTP(S)通信提供给客户端应用程序的数据将始终对最终用户可见。客户端应用程序无法提供数据的安全性。如果有任何不应被最终用户访问的数据,您必须在服务器上实施安全措施,而不是在客户端上。服务器必须仅提供用户有权限访问的数据。开发工具仅是显示数据的便捷方式,但用户仍可以通过其他方式访问数据 - 实际上,您向他们发送了数据,因此应视为可见。

英文:

Short answer: You can't.

Long answer: Data you provide to the client application through HTTP(S) communication will always be visible to the end user. Client application cannot provide security of the data. If there's any data that should not be accessed by the end user, you have to implement the security measure on the server, not the client. Server must provide only the data the user is authorised to access. Devtools is only a convenient way to display the data, which the user still have access to by other means - you basically send the data to them, therefore consider them visible.

huangapple
  • 本文由 发表于 2023年1月6日 20:18:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/75030850.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定