Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Registered User
    Join Date
    Oct 2004
    Posts
    592
    Thanks
    0
    Thanked 1 Time in 1 Post

    JavaScript-Php Encryption

    Hi masters


    Is it possible to retrieve data (that are encrypted with JavaScript) from php ?

    I mean I'd like to encrypt data in html form before posting back to the server.

    When the data arrive at the server, it's decoded to processs some actions.

    Much thanks in advance.

  • #2
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    i don't see why it shouldn't be possible, as long as you use an encryption-method that can be implemented in both javascript and php...

    but you do realise that SSL does the above for all sent and received content? might be a lott simpler (and universal) to use SSL.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #3
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    Plus, if you're using your own encryption in Javascript, people can then see your encryption process, thus making it more hackable. SSL is the way to go, although a bit costly. But it's really the only way to go if you want your info encrypted before sending a request from the browser to the server.

    However, if you would like to continue this way, look up AJAX. It's the process of using JavaScript to create an HTTP Request, sending that request to a server-side script that will then process the request, and then posting back to your javascript code without ever having to reload the page.

    EDIT: Sorry, my head wasn't screwed on right. We're sitting here talking about data being encrypted so that outsiders that intercept the request only receive encrypted data, and then i somehow go on a tangent about users seeing the data. So please ignore the Javascript and AJAX talk on this post. I'm just leaving it so that Raf's response still makes sense, haha.

    -Shane
    Last edited by TheShaner; 07-18-2006 at 04:51 PM.

  • #4
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by TheShaner
    Plus, if you're using your own encryption in Javascript, people can then see your encryption process, thus making it more hackable.
    i don't think he worries that clients can see the unencrypted values...
    the encryption is probably to prevent harm if the trafic gets intercepted.

    so he just needs to use a sessionspecific encryptionkey (like SSL does).

    Quote Originally Posted by TheShaner
    SSL is the way to go, although a bit costly. But it's really the only way to go if you want your info encrypted before sending a request from the browser to the server.
    i agree that SSL is probably the way to go. I don't see an easy way to implement a sessionspecifis encryptionkey without exposing the key at some point...

    Quote Originally Posted by TheShaner
    However, if you would like to continue this way, look up AJAX.
    not sure why yu bring this up --> i don't see why he should be concerned about reloading the page.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #5
    Registered User
    Join Date
    Oct 2004
    Posts
    592
    Thanks
    0
    Thanked 1 Time in 1 Post
    Yeah, the only reason I want to do it to prevent eavesdropping with packet sniffing.

    In packet sniffer, the middle man will only see the encrypted data.

    So, another way besides SSL ?

  • #6
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,470
    Thanks
    0
    Thanked 634 Times in 624 Posts
    The only way I have seen used other than SSL involves using a Java applet.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #7
    Supreme Overlord Spookster's Avatar
    Join Date
    May 2002
    Location
    Marion, IA USA
    Posts
    6,273
    Thanks
    4
    Thanked 83 Times in 82 Posts
    SSL is still the way to go. If cost is an issue you might check with your webhost anyways. Webhosts often have a shared SSL certificate available for their customers to use as part of your hosting package.
    Spookster
    CodingForums Supreme Overlord
    All Hail Spookster


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •