
Secret Variable

I have a puzzle in which I need to hash a value comprised of 2 form
fields and a shared password before submitting form to external web
application.

My question is, what are the possibilities for doing something like
this in JavaScript? In pseudo code terms I need to:

var myHash = someHashFunction("sharedSecret" + form.field1 +
form.field2)

but I do not wish to hardcode "sharedSecret" as it will be seen by the
browser. Certainly I can hide it a little in other js files, but this
is no real solution. I would like to do:

var myHash = someHashFunction(someVar + form.field1 + form.field2)

in which the client's browser never sees the value stored in someVar,
and where someVar is defined can never be accessed by a browser. I
wish this to be secret and protected.

In JSP perhaps I would read this from a protected properties file or
database, but this is JavaScript and not server-side scripting
language. Do you have any suggestion for me?
Aug 8 '08 #1
sanjay.bidi1 wrote:
I have a puzzle in which I need to hash a value comprised of 2 form
fields and a shared password before submitting form to external web
application.

My question is, what are the possibilities for doing something like
this in JavaScript? In pseudo code terms I need to:

var myHash = someHashFunction("sharedSecret" + form.field1 +
form.field2)

but I do not wish to hardcode "sharedSecret" as it will be seen by the
browser. Certainly I can hide it a little in other js files, but this
is no real solution. I would like to do:

var myHash = someHashFunction(someVar + form.field1 + form.field2)

in which the client's browser never sees the value stored in someVar,
and where someVar is defined can never be accessed by a browser. I
wish this to be secret and protected.

In JSP perhaps I would read this from a protected properties file or
database, but this is JavaScript and not server-side scripting
language. Do you have any suggestion for me?

Why not use AJAX and have the hashing done server side?

Jeff
Aug 8 '08 #2
On Fri, 08 Aug 2008 07:57:38 -0700, sanjay.bidi1 wrote:
I have a puzzle in which I need to hash a value comprised of 2 form fields
and a shared password before submitting form to external web
application.

My question is, what are the possibilities for doing something like this
in JavaScript? In pseudo code terms I need to:

var myHash = someHashFunction("sharedSecret" + form.field1 +
form.field2)

but I do not wish to hardcode "sharedSecret" as it will be seen by the
browser. Certainly I can hide it a little in other js files, but this
is no real solution. I would like to do:

var myHash = someHashFunction(someVar + form.field1 + form.field2)

in which the client's browser never sees the value stored in someVar,
and where someVar is defined can never be accessed by a browser. I wish
this to be secret and protected.

In JSP perhaps I would read this from a protected properties file or
database, but this is JavaScript and not server-side scripting language.
Do you have any suggestion for me?

There is no way to keep something secret in JavaScript, but I'm glad
you see that obfuscating isn't the answer.

Three solutions come to mind:

a) Have some AJAX-type thing compute your hash and return it.

b) Calculate the hash server-side after the form is submitted.
Since having a non-JS fallback is always best, that is the
approach I'd be tempted to take.

c) Look for a different hash method. Sans context, I'm not sure
what you are doing but at first guess it appears you are trying
to salt your hash.
Aug 8 '08 #3
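
The server-side approach suggested in the replies, as an added Node.js example that is not part of the original thread: the secret is read from the server's environment and only the digest is returned to the browser. SHA-256, the SHARED_SECRET variable, the handleHashRequest name and the field1/field2 parameter names are assumptions; the thread names no hash function or endpoint.

```javascript
// Added example: hash on the server so the shared secret never reaches the browser.
const crypto = require('node:crypto');

// Assumption: SHA-256 stands in for the thread's unspecified someHashFunction.
// The secret + field1 + field2 order follows the question's pseudocode.
function computeHash(secret, field1, field2) {
  return crypto.createHash('sha256')
    .update(secret + field1 + field2, 'utf8')
    .digest('hex');
}

// Hypothetical handler for the form's POST (sent by XMLHttpRequest or a plain submit).
// rawBody is the urlencoded request body; env is normally process.env.
function handleHashRequest(rawBody, env) {
  const secret = env.SHARED_SECRET; // hypothetical variable name
  if (!secret) {
    // Fail closed: never hash with an empty or default secret.
    return { status: 500, body: JSON.stringify({ error: 'server misconfigured' }) };
  }
  const form = new URLSearchParams(rawBody);
  const field1 = form.get('field1');
  const field2 = form.get('field2');
  if (field1 === null || field2 === null) {
    return { status: 400, body: JSON.stringify({ error: 'field1 and field2 are required' }) };
  }
  // Only the digest goes back to the client, never the secret itself.
  const hash = computeHash(secret, field1, field2);
  return { status: 200, body: JSON.stringify({ hash }) };
}

// Constructed sample input, for illustration only.
const sample = handleHashRequest('field1=alice&field2=42',
  { SHARED_SECRET: 'constructed-test-secret' });
console.log(sample.status, sample.body);
```

An endpoint like this keeps the secret private, but it will hash whatever field values it is sent, so the server still has to validate the fields or authenticate the caller if the hash is meant to vouch for them. With option (b) the server can forward the hashed request to the external application itself, and then the digest never reaches the browser either.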
