public code security considerations

mosinski95 · September 17, 2019, 6:29am

Hello dear community,
I would like to perform some validity checks on the server side and client side.
I was asking myself if these checks are secure from client side manipulations.
What happens on server side, if the user manipulates the public sources on his device (client side)?
He could probably overcome some validity checks on the client side manipulating the public sources on his device. What about the code on the server side? Will it be manipulated as well?
The public code will not perform any sensible information of course.
Greetings
Norbert

serhiiko · September 17, 2019, 8:15am

Hi, here is article about that https://support.wix.com/en/article/corvid-security-considerations

mosinski95 · September 17, 2019, 8:47am

Hi Serhii, thanks for your answer. I’ve read this article already but it doesn’t answer my specific question.

I want to know what happens if a client manipulates a module from the public section and I call the same module in backend. Will the manipulated module be called in backend, or does the server have it’s own copy of the modules from the public section that are being called in backend and these can not be manipulated?

serhiiko · September 17, 2019, 9:12am

What do you mean when said ‘manipulates a module’?
How can users manipulate your module from the public section?

Users can’t change your code even if it is in public. The only thing that users can do is if you invoke functions from the backend in the public module in case you set the permissions incorrectly, the user will be able to call it

mosinski95 · September 17, 2019, 9:28am

Below is the live version of my actual website. By opening the developer API of google chrome I’m able to look for the sources that are placed in the public section and edit them, right?

Now if I define a module in that public section and call that module FROM backend and a user manipulates the sources the same way I’m doing on the picture below, I wonder if the call in backend will refer to the manipulated module.

Excuse me if I’m missing some basic knowledge here, it’s my first time web developing.

serhiiko · September 17, 2019, 9:57am

No, changes in the public module will not affect the execution of the backend function

mosinski95 · September 17, 2019, 9:59am

Thanks for your support, have a nice day!

Topic		Replies	Views
Frontend code manipulation Ask the community code , question	3	144	May 6, 2019
Source code security Ask the community code , question	2	154	May 16, 2019
What is the difference between public and backend section? Ask the community code , question	2	741	April 26, 2018
Backend processing for site security. Ask the community code , question	5	114	October 11, 2022
Web Module Permissions - Clarification Ask the community code , question	2	227	May 6, 2020

public code security considerations

Related topics