...

View Full Version : Hiding declared constants



chimly
03-13-2005, 06:16 AM
In doing some light-weight javascript math, a few of my calculations use stored constants, real or floating point numbers like "10.53" or whatever. Unfortunately, I've been informed that some of these values are considered slightly private and need to be hidden from folks who might browse through the source code.

(The values really aren't important... they are numbers about as exciting as how much I paid for gasoline, which the next driver can read off the pump and figure out I'm a wealthy guy who just spent 20 bucks; technically nobody's business.)

SOOOOO... Are there javascript encryption schemes that can be used to reference stored constants? Perhaps like:

y = f^sf&t67)e ;

----------------------

x = decrypt(y);

document.output_result.name0.value = 10 + x ;




Perhaps another solution is to store the numbers by their ascii values?? A clever surfer could figure them out, of course, but it might be sufficient for my purpose.

Philip M
03-13-2005, 08:24 AM
There is no way that JavaScript can be truly secure, but you can defeat the casual surfer by using ASCII values.

Example:-

<SCRIPT language="Javascript">
<!--
document.write(unescape("%3C%62%67%73%6F%75"));
//-->
</SCRIPT>

Or simply munge the stored constants by multiplying them by
74.83. And perhaps disguise things further by misleading varaible names:-

var priceofgas = 6876.653 // this value never used
var mynumber = 2.30 // the true price of gas

All these tricks are really quite childish and offer no real obstacle
to someone determined to root them out.

chimly
03-13-2005, 07:56 PM
Thanks for your help.

I think I found another solution- simply encrypt the numbers beforehand using the user's ordinary password as the decryption key. Then declare constants locally within each function that uses them, like:

function calculate_all(password){

X = decrypt('JD7^&8J3#DJK8NCS9*HJ' , password);

...

}

Luckily, all users have the same password for this application. If I were making this for a large number of people, then I'd need redundant sets of pre-made encrypted values, each based on a different password from each user.

chimly
03-13-2005, 08:08 PM
I might add, the password has also been encrypted using itself.

codegoboom
03-14-2005, 04:09 AM
Javascript Secret-Code Systems (http://members.aol.com/SciRealm/CodeSystems.html) may be of interest you, as well... ;)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum