Is there any possibility to secure data only using JavaScript?

Question

User has a token sent between browser and API. This is ok, but I send also additional data without token (I don't want to generate token each time). This happens automatically using JavaScript. Unfortunately the user can get token and change data from outside the token (I send token + data that is different for each request, so the user can change the different data) and next send request by for example PostMan.

If it was on the server side, I could generate a hash with this data and salt, but if I do it in JavaScript itself, everyone can see how hash is generated and what is the salt.

This: _Is there any possibility to secure data only using JavaScript?_ - in the browser - **NO** — Randy Casburn, Jun 21 '19 at 18:55
What you have defined is the need for session based authentication. Session based authentication is controlled by the server. Session-less tokens cannot secure your API. — Randy Casburn, Jun 21 '19 at 18:57

score 0 · Answer 1 · answered Jun 21 '19 at 19:02

check this out

Ref1: [https://stackoverflow.com/a/7616484/3217659][1]

Ref2: [https://werxltd.com/wp/2010/05/13/javascript-implementation-of-javas-string-hashcode-method/][2]

    String.prototype.hashCode = function() {
      var hash = 0, i, chr;
      if (this.length === 0) return hash;
      for (i = 0; i < this.length; i++) {
        chr   = this.charCodeAt(i);
        hash  = ((hash << 5) - hash) + chr;
        hash |= 0; // Convert to 32bit integer
      }
      return hash;
    };


  [1]: https://stackoverflow.com/a/7616484/3217659
  [2]: https://werxltd.com/wp/2010/05/13/javascript-implementation-of-javas-string-hashcode-method/

This doesn't secure anything. – scottheckel Jun 21 '19 at 19:21 — scottheckel, Jun 21 '19 at 19:21

Is there any possibility to secure data only using JavaScript?

1 Answers1