is it possible to restrict a Bookmarklet?
for example, if I have a Bookmarklet in my site that let's users do something, is it possible to restrict it's use to Registered users? I mean, anyone can drag a Bookmarklet into their bookmar开发者_JAVA百科ks bar, but can we use a system to restrict bookmarklets functions to Registered users? For example, a user drags the bookmarklet into the bar and then he/she tries to execute it, but the bookmarklet somehow checks if this user is registered in the website and if not, it asks for username and password... Something like that.
Can you help?
If a bookmarklet can do something you haven't authorized to an user, then you have a heavy security problem.
The bookmarklet can do anything with javascript, so focus on your security and leave the bookmarklet alone. Even if you could block the bookmarklet, what would you do with something like greasemonkey?
The JavaScript can do whatever you like, including calling a web service to check if the user is logged in… but anything that happens client side can be duplicated and edited (e.g. to override the authorisation check)
精彩评论