Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Jun 2010
    Posts
    3
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Hiding variables from client

    I'm new to web programming, and so I may be going about this all wrong but this is what I'm trying to do.

    I'm creating an interface to access my google base, I can do that part without much trouble but to access the server you need to request a session token. This token has to be sent to the server along with your query. I use JS on the main page which calls a php script that requests the key, then calls the server for a full list of items which is then passed back to the javascript in JSON format. The user then selects a field from the option box and i need to requery the server for the updated list. But to do this i need to resend the session token, and this is where I'm having trouble.

    I need to save this token, but im not sure the best way to go about this. I can pass it back to the JS portion and save it as a variable that i can then pass to the PHP script that queries the server, but im worried the key may contain private information about my log in information. Is there a way to make this token variable hidden in the JS so that the client could not see it? Or am i way off base and the client can't view any of the variables anyways?

    If someone has a suggestion for me that would be much appreciated.

  • #2
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,280
    Thanks
    12
    Thanked 343 Times in 339 Posts
    anything in JavaScript can be looked at, anytime (from the User Agent that currently executes it). you could of course use a TLS/SSL session (has got nothing to do with javascript) to make sure, no-one can look at your HTTP transfers (including the sensitive information).
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • Users who have thanked Dormilich for this post:

    xpapax (06-21-2010)

  • #3
    New to the CF scene
    Join Date
    Jun 2010
    Posts
    3
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Okay thanks!
    I'm going to look at keeping my php session open, or if there's a way like in java to create and instance of the script and keep the token as a "private final" type variable.

  • #4
    Senior Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    3,280
    Thanks
    12
    Thanked 343 Times in 339 Posts
    keep in mind that JavaScript is a prototype-based programming language. the concept of classes (with its final, private, protected, public, static, abstract keywords) doesn’t apply here.

    and a decent developer tool lets you explore a script and its state as it runs.
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  • #5
    Regular Coder
    Join Date
    Apr 2010
    Posts
    163
    Thanks
    3
    Thanked 25 Times in 25 Posts
    You could encrypt the date in your php, than decrypt it when it gets sent back to the server.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •