I know everyone who uses javascript at some point tries to think of a
way to hide it from curious users/hackers, so here goes my question.
I am trying to display an image map and keep the coords of the active
areas hidden from users. I have a page named test.htm that includes a
file get.php in a <scripttag that will dynamically generate some
javascript to write the imagemap. The get.php file will write a unique
key to a session that will identify each request. The get.php file will
make an ajax call to a file named get2.php. The get2.php file will
check the unique key in the session to make sure the request is valid.
If the request is valid get2.php will return a string which will be
javascript that creates an array for the coords of the imagemap.
Something like:
var arr = new Array(10, 10, 20, 20);
After the ajax call is successful get.php will do an eval() on the
string returned from get2.php to set the coords of the active area of
the imagemap. The get2.php request would expire, so that a user could
not simply do a request for the file in his browser and see what is
returned. Also the coords will change with each request, so figuring
out how to see the data in get2.php will be irrelevant as it will
always change.
My concern is: Is there a way to pull out what has been written to the
browser in that eval() in get.php?
7  3769  tr********@gmai l.com said the following on 12/20/2006 10:54 PM:
I know everyone who uses javascript at some point tries to think of a
way to hide it from curious users/hackers, so here goes my question.
I am trying to display an image map and keep the coords of the active
areas hidden from users. I have a page named test.htm that includes a
file get.php in a <scripttag that will dynamically generate some
javascript to write the imagemap. The get.php file will write a unique
key to a session that will identify each request. The get.php file will
make an ajax call to a file named get2.php. The get2.php file will
check the unique key in the session to make sure the request is valid.
If the request is valid get2.php will return a string which will be
javascript that creates an array for the coords of the imagemap.
Something like:
var arr = new Array(10, 10, 20, 20);
After the ajax call is successful get.php will do an eval() on the
string returned from get2.php to set the coords of the active area of
the imagemap. The get2.php request would expire, so that a user could
not simply do a request for the file in his browser and see what is
returned. Also the coords will change with each request, so figuring
out how to see the data in get2.php will be irrelevant as it will
always change.
My concern is: Is there a way to pull out what has been written to the
browser in that eval() in get.php?
You can get get2.php from the cache while the browser is open.
If the array name is known, you can javascript :aler t(arr); (or similar)
in the task bar.
Why are the coordinates of the imageMap so critically secret?
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/ tr********@gmai l.com wrote:
I know everyone who uses javascript at some point tries to think of a
way to hide it from curious users/hackers, so here goes my question.
I am trying to display an image map and keep the coords of the active
areas hidden from users. ...
Try to use a server-side image map, then the coords never shows up on
the client.
... I have a page named test.htm that includes a
file get.php in a <scripttag that will dynamically generate some
javascript to write the imagemap. The get.php file will write a unique
key to a session that will identify each request. The get.php file will
make an ajax call to a file named get2.php. The get2.php file will
check the unique key in the session to make sure the request is valid.
If the request is valid get2.php will return a string which will be
javascript that creates an array for the coords of the imagemap.
Something like:
var arr = new Array(10, 10, 20, 20);
After the ajax call is successful get.php will do an eval() on the
string returned from get2.php to set the coords of the active area of
the imagemap. The get2.php request would expire, so that a user could
not simply do a request for the file in his browser and see what is
returned. Also the coords will change with each request, so figuring
out how to see the data in get2.php will be irrelevant as it will
always change.
It would certently hide it from curious users/hackers. I can't tink of
anybody that curious.
My concern is: Is there a way to pull out what has been written to the
browser in that eval() in get.php?
Yes. Everyting sent to the browser can be pulled out. The browser may
also have a DOM inspecor tool used for debugging, that allow you to
read the coords of the active areas directly from the in-memory
DOM-tree.
Randy,
I am trying to use this in a game app I am writing in ajax. The user
would not be able to do an alert in the taskbar as the arr would be out
of scope. The arr would be defiend in a function and would be out of
scope once the page loads.
How would I go about getting the get2.php from the cache? Would that be
considered a second request? The 1st request would be the actual
javascript making the ajax call and the 2nd request being made by the
cache?
Randy Webb wrote:
tr********@gmai l.com said the following on 12/20/2006 10:54 PM:
I know everyone who uses javascript at some point tries to think of a
way to hide it from curious users/hackers, so here goes my question.
I am trying to display an image map and keep the coords of the active
areas hidden from users. I have a page named test.htm that includes a
file get.php in a <scripttag that will dynamically generate some
javascript to write the imagemap. The get.php file will write a unique
key to a session that will identify each request. The get.php file will
make an ajax call to a file named get2.php. The get2.php file will
check the unique key in the session to make sure the request is valid.
If the request is valid get2.php will return a string which will be
javascript that creates an array for the coords of the imagemap.
Something like:
var arr = new Array(10, 10, 20, 20);
After the ajax call is successful get.php will do an eval() on the
string returned from get2.php to set the coords of the active area of
the imagemap. The get2.php request would expire, so that a user could
not simply do a request for the file in his browser and see what is
returned. Also the coords will change with each request, so figuring
out how to see the data in get2.php will be irrelevant as it will
always change.
My concern is: Is there a way to pull out what has been written to the
browser in that eval() in get.php?
You can get get2.php from the cache while the browser is open.
If the array name is known, you can javascript:aler t(arr); (or similar)
in the task bar.
Why are the coordinates of the imageMap so critically secret?
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Trey Bason schrieb:
Randy,
I am trying to use this in a game app I am writing in ajax. The user
would not be able to do an alert in the taskbar as the arr would be out
of scope. The arr would be defiend in a function and would be out of
scope once the page loads.
How would I go about getting the get2.php from the cache? Would that be
considered a second request? The 1st request would be the actual
javascript making the ajax call and the 2nd request being made by the
cache?
Randy Webb wrote:
tr********@gmai l.com said the following on 12/20/2006 10:54 PM:
I know everyone who uses javascript at some point tries to think of a
way to hide it from curious users/hackers, so here goes my question.
>
I am trying to display an image map and keep the coords of the active
areas hidden from users. I have a page named test.htm that includes a
file get.php in a <scripttag that will dynamically generate some
javascript to write the imagemap. The get.php file will write a unique
key to a session that will identify each request. The get.php file will
make an ajax call to a file named get2.php. The get2.php file will
check the unique key in the session to make sure the request is valid.
If the request is valid get2.php will return a string which will be
javascript that creates an array for the coords of the imagemap.
Something like:
>
var arr = new Array(10, 10, 20, 20);
>
After the ajax call is successful get.php will do an eval() on the
string returned from get2.php to set the coords of the active area of
the imagemap. The get2.php request would expire, so that a user could
not simply do a request for the file in his browser and see what is
returned. Also the coords will change with each request, so figuring
out how to see the data in get2.php will be irrelevant as it will
always change.
>
My concern is: Is there a way to pull out what has been written to the
browser in that eval() in get.php?
You can get get2.php from the cache while the browser is open.
If the array name is known, you can javascript:aler t(arr); (or similar)
in the task bar.
Why are the coordinates of the imageMap so critically secret?
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
It's not possible - in the moment the browser loads the data you can
read it out, think of firebug users ;)
Trey Bason said the following on 12/21/2006 7:37 AM:
Randy,
I am trying to use this in a game app I am writing in ajax. The user
would not be able to do an alert in the taskbar as the arr would be out
of scope. The arr would be defiend in a function and would be out of
scope once the page loads.
How would I go about getting the get2.php from the cache? Would that be
considered a second request? The 1st request would be the actual
javascript making the ajax call and the 2nd request being made by the
cache?
Open the Temporary Internet Files folder, find the file, right click and
Edit it. And no, it doesn't get another copy from the server, it reads
it from the cache. And as long as the page is open, that file will
remain in the cache.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Randy,
I am using the following line of code to make sure the browser does not
cache the page.
header("Cache-Control: no-cache");
Wouldn't this prevent someone from being able to view the file in the
cache?
Randy Webb wrote:
Trey Bason said the following on 12/21/2006 7:37 AM:
Randy,
I am trying to use this in a game app I am writing in ajax. The user
would not be able to do an alert in the taskbar as the arr would be out
of scope. The arr would be defiend in a function and would be out of
scope once the page loads.
How would I go about getting the get2.php from the cache? Would that be
considered a second request? The 1st request would be the actual
javascript making the ajax call and the 2nd request being made by the
cache?
Open the Temporary Internet Files folder, find the file, right click and
Edit it. And no, it doesn't get another copy from the server, it reads
it from the cache. And as long as the page is open, that file will
remain in the cache.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Trey Bason said the following on 12/21/2006 4:15 PM:
Answer:It destroys the order of the conversation
Question: Why?
Answer: Top-Posting.
Question: Whats the most annoying thing on Usenet?
Randy,
I am using the following line of code to make sure the browser does not
cache the page.
header("Cache-Control: no-cache");
Wouldn't this prevent someone from being able to view the file in the
cache?
After the page is closed, sure. But, while the page is open the browser
*must* have that file locally (test it).
--
Randy
Chance Favors The Prepared Mind
comp.lang.javas cript FAQ - http://jibbering.com/faq/index.html
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: dmiller23462 |
last post by:
Hi guys....I have absolutely NO IDEA what I'm doing with Javascript
but my end result is I need two text boxes to stay hidden until a
particular option is selected....I've cobbled together the JavaScript
in this code from a couple different sites but I'm not 100% sure what
each line is doing...This is the ASP code that I'm using for the
page....Take a look at the JavaScript code and please let me know what
each line is doing....I have been...
|
by: oLE |
last post by:
I would like to add some javascript to show/hide a certain row of a
table. The first row of the table contain the hyperlink that calls the
javascript the second row is the one i want to show/hide with the
javascript in a toggle fashion.
the problem is a know very little javascript and have become incredibly
frustrated because i went ahead thinking it was going to be like C. its not.
I know i can use these lines to do the actual work:
|
by: MOHSEN KASHANI |
last post by:
Hi,
I am trying to hide some form elements in a form by default and show/hide
depending on which radio button is clicked. This is what I have but it is
not working:
<head>
<style>
..noshow {
display: none;
}
|
by: bridgemanusa |
last post by:
Hi All:
I have a very long page of html that I want to take portions and hide
them in divs, then show when a link is clicked. I have the hide show
part working when the link is clicked, however I would really like to
use linked images instead to do the following:
- When open.gif is clicked, the contents of the div show and open.gif
is swapped with close.gif
- subsequently, when close.gif is clicked, the div contents get hidden
|
by: UJ |
last post by:
Is there a way with a asp:checkbox to run a JavaScript to display/hide
text/input on the screen without doing a postback?
I also need to be able to access the stuff at the server so I need to have
run=server with it.
TIA - Jeff.
| | |
by: FP |
last post by:
I'm new to Java Script.
I'm displaying comments people have made. Below each persons' comment
I want to add 2 buttons "Reply" and "Amend". Clicking "Reply" would
display an empty text field below the comment with a spell check &
submit button. Clicking "Amend" would display the same buttons & text
field but pre-populated with the original comment.
Using Java Script how do I show / hide the text field in my list of
comments but have...
|
by: dusk |
last post by:
Hi,
I'm very new to javascript, and I'm having trouble finding a way to display a string of divs without the code getting really messy.
I have several different pages to write, each with about 15-20 divs, and I need users to be able to select a sequence of divs - basically like a series of yes/no questions that, when "yes" or "no" is selected, displays the appropriate div as well as what's come before it.
I can hide all divs and display...
|
by: Doogie |
last post by:
Hi I have an img control I am trying to hide upon certain types of
commands in my code behind. When to hide it is directly tied to a
asp:dropdownlist control. So depending on what the user selects in
that dropdownlist, this image will be hidden or be displayed.
I have tied the onselectedindexchanged value of the dropdownlist to a
c-sharp method (not javascript) because other things are being done as
well that I want to do server side. ...
|
by: Mike P |
last post by:
How would I show or hide a div that is using client side Javascript
based upon a server side variable?
Here are my divs :
<div id="idButton5" class="otherLeftBarLink" onmouseover="javascript:
changeStylesMouseOver('5');" onmouseout="javascript:
changeStylesMouseOut('5');" onclick="location='/AddProject.aspx'">
<div class="leftBarLinkText">
Add Project
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
