How to disable browser developer tools?

I'm developing a web application and since it has access to a database underneath, I require the ability to disable the developer tools from Safari, Chrome, Firefox and Internet Explorer and Firebug in Firefox and all similar applications. Is there a way to do this?

Note: The AJAX framework provided by the database requires that anything given to the database to be in web parameters that can be modified and that anything it returns be handled in JavaScript. Therefore when it returns a value like whether or not a user has access to a certain part of the website, it has to be handled in JavaScript, which developer tools can then access anyway. So this is required.

UPDATE: For those of you still thinking I'm making bad assumptions, I did ask the vendor. Below is their response:

Here are some suggestions for ways of mitigating the risk:

1) Use a javascript Obfuscator to obfuscate the code and only provide the obfuscated version with the sold application; keep the non obfuscated version for yourself to do edits. Here is an online obfuscator: How can I obfuscate (protect) JavaScript? http://en.wikipedia.org/wiki/Obfuscated_code http://javascriptobfuscator.com/default.aspx

2) Use a less descriptive name; maybe 'repeatedtasks.js' instead of 'security.js' as 'security.js' will probably stand out more to anyone looking through this type of information as something important.

Answers:

Answer

No you cannot do this.

The developer menu is on the client side and is provided by the user's browser.

Also the browser developer should have nothing to do with your server side database code, and if it does, you need some maaaaaajor restructuring.

Answer

If your framework requires that you do authorization in the client, then...

You need to change your framework

When you put an application in the wild, where users that you don't trust can access it; you must draw a line in the sand.

  • Physical hardware that you own; and can lock behind a strong door. You can do anything you like here; this is a great place to keep your database, and to perform the authorization functions to decide who can do what with your database.
  • Everything else; Including browsers on client computers; mobile phones; Convenience Kiosks located in the lobby of your office. You cannot trust these! Ever! There's nothing you can do that means you can be totally sure that these machines aren't lying to cheat you and your customers out of money. You don't control it, so you can't ever hope to know what's going on.
Answer

In fact this is somehow possible (how-does-facebook-disable-developer-tools), but this is terribly bad idea for protecting your data. Attacker may always use some other (open, self written) engines that you don't have any control on. Even javascript obfuscation may only slow down a bit cracking of your app, but it also gives practically no security.

The only reasonable way to protect your data is to write secure code on server side. And remember, that if you allow someone to download some data, he can do with it whatever he wants.

Answer

No. It is not possible to disable the Developer Tools for your end users.

If your application is insecure if the user has access to developer tools, then it is just plain insecure.

Answer

Don't forget about tools like Fiddler. Where even if you lock down all the browsers' consoles, http requests can be modified on client, even if you go HTTPS. Fiddler can capture requests from browser, user can modify it and re-play with malicious input. Unless you secure your AJAX requests, but I'm not aware of a method how to do this.

Just don't trust any input you receive from any browser.

Answer

Update at the time (2015) when this answer was posted, this trick was possible. Now (2017) browsers are mature. Following trick no longer works!

Yes it is possible. Chrome wraps all console code in

with ((console && console._commandLineAPI) || {}) {
  <code goes here>
}

... so the site redefines console._commandLineAPI to throw:

Object.defineProperty(console, '_commandLineAPI',
   { get : function() { throw 'Nooo!' } })

This is the main trick!

Answer

You can easily disable Developer tools by defining this:

Object.defineProperty(console, '_commandLineAPI', { get : function() { throw 'Nooo!' } })

Have found it here: How does Facebook disable the browser's integrated Developer Tools?

Answer

Brandon ,

You can do something like this , this is a very basic idea, You can override native code by doing this , This not the exact you looking for , you have develop from from this

delete window.console

console.log('test'); // Noting will work
Answer

There's no way your development environment is this brain-dead. It just can't be.

I strongly recommend emailing your boss with:

  • A demand for a week or two in the schedule for training / learning.
  • A demand for enough support tickets with your vendor to figure out how to perform server-side validation.
  • A clear warning that if the tool cannot do server-side validation, that you will be made fun of on the front page of the Wall Street Journal when your entire database is leaked / destroyed / etc.
Answer

I found a way, you can use debugger keyword to stop page works when users open dev tools

(function(){
  debugger
}())
Answer

can cannot disable the developer tool. but you can annoys any one who try to use the developer tool on your site, try the javascript codes blow, the codes will break all the time.

    (function () {
        (function a() {
            try {
                (function b(i) {
                    if (('' + (i / i)).length !== 1 || i % 20 === 0) {
                        (function () { }).constructor('debugger')()
                    } else {
                        debugger
                    }
                    b(++i)
                }
                )(0)
            } catch (e) {
                setTimeout(a, 5000)
            }
        }
        )()
    }
    )();

Tags

Recent Questions

Top Questions

Home Tags Terms of Service Privacy Policy DMCA Contact Us Javascript

©2020 All rights reserved.