0

In JavaScript we can prevent the user from pressing various keys, that I know. But a disabled key such as F12 can prevent the user from accessing developer tools, and preventing the user from right-clicking can do the same. It's a very good idea from a security point of view, so why don't all major sites implement such a scenario in order to protect their hard work, such as various CSS and design?

I want a logical answer. If any reference to sites with such an implementation is needed, tell me and I'll update my question with that link.

Chirag
  • 3
    It's not a very good idea from a security point of view. You can't rely on client side security. – Ivar Apr 13 '17 at 08:46
  • 1
    You can't prevent anything like that. There's always a way around it. People can enter their modifications and read your settings via javascript:mymodifications.here() in the address bar of the browser if you managed a hack around it. – Tschallacka Apr 13 '17 at 08:47
  • It's not a very good idea but this way we can prevent users from interacting with our UI. Then why not? – Chirag Apr 13 '17 at 08:47
  • For the same reason it wouldn't be a good idea to allow devs to disable keys such as Alt-F4. – freedomn-m Apr 13 '17 at 08:48
  • 1
    All you have to do to bypass any of this is go to the browser menu and View Source. It's an annoyance at most. People who know what to do with the source code will also know how to get to it. – inarilo Apr 13 '17 at 08:48
  • 1
    Or use `curl` to download the resources directly (or write your own browser that doesn't have such restrictions). – freedomn-m Apr 13 '17 at 08:49
  • You can try the hack in the given post: http://stackoverflow.com/questions/41801175/breakpoint-triggers-repeatedly-after-firebug-opening#. It's interestingly annoying to debug with such code. – Rajesh Apr 13 '17 at 08:56

2 Answers

9

There are keys you can't intercept, and ways into devtools that you can't intercept (e.g., via menus).

If you're trying to protect your code or some such, you just can't, full stop. Anything that goes to the client is accessible to the user.

If you're trying to prevent the user getting themselves into trouble in devtools, you might do what Facebook does, which is output a big bold message to the console warning users not to use it:

enter image description here

T.J. Crowder
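The console warning described in the answer above, sketched as an added example (not part of the original answer and not Facebook's code). The message wording, the styles and the name `showDevtoolsWarning` are assumptions made for illustration.

```javascript
// Added example: a console warning for users who open devtools.
// Wording, styles and function names are assumptions, not any site's real code.

const WARNING_LINES = [
  { text: 'Stop!', style: 'color:red; font-size:48px; font-weight:bold;' },
  {
    text: 'This is a browser feature intended for developers. If someone ' +
          'told you to copy and paste something here, it may be a scam ' +
          'that gives them access to your account.',
    style: 'font-size:18px;',
  },
];

// Remember which console objects already received the warning, so repeated
// calls (for example from several bundles on one page) do not spam the console.
const shownOn = new WeakSet();

// Writes each line with console.log's %c directive, which applies the CSS
// passed as the next argument to the text that follows it. `out` is
// injectable so the function can be exercised outside a browser.
// Returns the number of lines written (0 if skipped).
function showDevtoolsWarning(out = console) {
  if (!out || typeof out.log !== 'function' || shownOn.has(out)) return 0;
  shownOn.add(out);
  for (const { text, style } of WARNING_LINES) {
    out.log('%c' + text, style);
  }
  return WARNING_LINES.length;
}

// Logged once at load time. The message waits in the console no matter how
// devtools is opened (F12, browser menu, context menu), so no key handling
// is involved. It informs the user; it does not hide any code or CSS.
showDevtoolsWarning();
```
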
2

The answer is as simple as it gets: the user can simply disable JS, so why even bother spending resources on a function that can be disabled?

NoOorZ24