Modify already received Javascript in browser

Since you can modify the Javascript file when you are in Chrome and press F12, the developer tab, will anyone be able to modify the Javascript there and change the behavior of my site and therefore how it interacts with the server?

Reason I am asking is I want to decide whether to put a piece of code for vali开发者_JS百科dation (eg. check email) on the server side or the client side.

Yes, anyone can change the Javascript and HTML of your site to submit anything to your server. You can even change POST/GET requests as well (for example, this plugin is available to Firefox users: https://addons.mozilla.org/en-us/firefox/addon/tamper-data/).

Always have server side validation for any input.

You can never depend on client-side processing being secure. There are many ways to alter or bypass client-side javascript. Client-side validation is nice to be able to give the user a quick response if validation fails, but it should always be backed up by server-side validation.

You should use a double validation:

• On the server side to prevent data corruption etc.
• On the client side to help the user to fill quickly his form without the need to submit (using a check or cross sign when the user exits a given field

For the business sake, you should only rely on the server side to determine if an given input is valid.

a savvy individual can modify the javascript in their browser, but that only affects their browser.

So yes, someone could disable a validate mechanism implemented in JS, which is why you need to validate on the server.

Anyone can modify the code in client-side but only users with FTP or other thing permissions can modify them server-side.

You should always do validation in server side. If you want (for example make server load smaller) you can make client side validation but it is not enough, since user can easily disable JavaScript.