Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Jan 2005
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Hiding declared constants

    In doing some light-weight javascript math, a few of my calculations use stored constants, real or floating point numbers like "10.53" or whatever. Unfortunately, I've been informed that some of these values are considered slightly private and need to be hidden from folks who might browse through the source code.

    (The values really aren't important... they are numbers about as exciting as how much I paid for gasoline, which the next driver can read off the pump and figure out I'm a wealthy guy who just spent 20 bucks; technically nobody's business.)

    SOOOOO... Are there javascript encryption schemes that can be used to reference stored constants? Perhaps like:

    y = f^sf&t67)e ;

    ----------------------

    x = decrypt(y);

    document.output_result.name0.value = 10 + x ;




    Perhaps another solution is to store the numbers by their ascii values?? A clever surfer could figure them out, of course, but it might be sufficient for my purpose.

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,027
    Thanks
    203
    Thanked 2,539 Times in 2,517 Posts
    There is no way that JavaScript can be truly secure, but you can defeat the casual surfer by using ASCII values.

    Example:-

    <SCRIPT language="Javascript">
    <!--
    document.write(unescape("%3C%62%67%73%6F%75"));
    //-->
    </SCRIPT>

    Or simply munge the stored constants by multiplying them by
    74.83. And perhaps disguise things further by misleading varaible names:-

    var priceofgas = 6876.653 // this value never used
    var mynumber = 2.30 // the true price of gas

    All these tricks are really quite childish and offer no real obstacle
    to someone determined to root them out.
    Last edited by Philip M; 03-13-2005 at 07:30 AM.

  • #3
    New Coder
    Join Date
    Jan 2005
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for your help.

    I think I found another solution- simply encrypt the numbers beforehand using the user's ordinary password as the decryption key. Then declare constants locally within each function that uses them, like:

    function calculate_all(password){

    X = decrypt('JD7^&8J3#DJK8NCS9*HJ' , password);

    ...

    }


    Luckily, all users have the same password for this application. If I were making this for a large number of people, then I'd need redundant sets of pre-made encrypted values, each based on a different password from each user.

  • #4
    New Coder
    Join Date
    Jan 2005
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I might add, the password has also been encrypted using itself.

  • #5
    Regular Coder
    Join Date
    Aug 2004
    Location
    codegoboom@yahoo.com
    Posts
    999
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Javascript Secret-Code Systems may be of interest you, as well...
    *this message will self destruct in n-seconds*


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •