473,320 Members | 1,955 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Secret Variable

I have puzzle in which I need to hash a value comprised of 2 form
fields and a shared password before submitting form to external web
application.

My question is, what are the possibilities for doing something like
this in JavaScript? In pseudo code terms I need to:

var myHash = someHashFunction("sharedSecret" + form.field1 +
form.field2)

but I do not wish to hardcode "sharedSecret" as it will be seen by the
browser. Certainly I can hide it a little in other js files, but this
is no real solution. I would like to do:

var myHash = someHashFunction(someVar + form.field1 + form.field2)

in which the client's browser never sees the value stored in someVar,
and where someVar is defined can never be accessed by a browser. I
wish this to be secret and protected.

In JSP perhaps I would read this from a protected properties file or
database, but this is JavaScript and not server-side scripting
language. Do you have any suggestion for me?
Aug 8 '08 #1
2 1343
sanjay.bidi1 wrote:
I have puzzle in which I need to hash a value comprised of 2 form
fields and a shared password before submitting form to external web
application.

My question is, what are the possibilities for doing something like
this in JavaScript? In pseudo code terms I need to:

var myHash = someHashFunction("sharedSecret" + form.field1 +
form.field2)

but I do not wish to hardcode "sharedSecret" as it will be seen by the
browser. Certainly I can hide it a little in other js files, but this
is no real solution. I would like to do:

var myHash = someHashFunction(someVar + form.field1 + form.field2)

in which the client's browser never sees the value stored in someVar,
and where someVar is defined can never be accessed by a browser. I
wish this to be secret and protected.

In JSP perhaps I would read this from a protected properties file or
database, but this is JavaScript and not server-side scripting
language. Do you have any suggestion for me?
Why not use AJAX and have the hashing done server side?

Jeff
Aug 8 '08 #2
On Fri, 08 Aug 2008 07:57:38 -0700, sanjay.bidi1 wrote:
I have puzzle in which I need to hash a value comprised of 2 form fields
and a shared password before submitting form to external web
application.

My question is, what are the possibilities for doing something like this
in JavaScript? In pseudo code terms I need to:

var myHash = someHashFunction("sharedSecret" + form.field1 +
form.field2)

but I do not wish to hardcode "sharedSecret" as it will be seen by the
browser. Certainly I can hide it a little in other js files, but this
is no real solution. I would like to do:

var myHash = someHashFunction(someVar + form.field1 + form.field2)

in which the client's browser never sees the value stored in someVar,
and where someVar is defined can never be accessed by a browser. I wish
this to be secret and protected.

In JSP perhaps I would read this from a protected properties file or
database, but this is JavaScript and not server-side scripting language.
Do you have any suggestion for me?
There is no way to keep something secret in Javascript, but I'm glad
you see that obfuscating isn't the answer.

Three solutions come to mind:

a) Have some AJAX-type thing compute your hash and return it.

b) Calculate the hash server-side after the form is submitted.
Since having a non-JS fallback is always best, that is the
approach I'd be tempted to take.

c) Look for a different hash method. Sans context, I'm not sure
what you are doing but at first guess it appears you are trying
to salt your hash.
Aug 8 '08 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: John Lee | last post by:
Hi, Which API can I use to encrypt data without using the secret key and also without purchased certificate? Is there an API that uses NT domain account to get sort of "certificate" and encrypt...
2
by: et | last post by:
In the web.config file, there is an option for pageOutput, and a notation that says you can view the trace in the trace.axd file. Well, there is no trace.axd file that I can find, I've searched...
5
by: Morten Mikkelsen | last post by:
Hi, On my SQL Server 2000, I have a table of data (tblAllData) containing a number of columns, some of which are 'secret'. I have to let some users access the database using ODBC from an Excel...
8
by: Mike9900 | last post by:
Hello, We want to add a secret code which is the expiration date and the number of uses of the trial software in storage. Saving this code in the Windows Registry is not a good choice, because...
2
by: Arnold | last post by:
For some of my secondary students studying bits and bytes, I'd like to make a form in which they can create secret codes with bytes. I'd like the form to have a memo field that can only accept 0s...
1
by: Vincent Courcelle | last post by:
Hello, I'm using ASP.NET 2 System.Web.Security.SqlMembershipProvider. I would like to make my users able to change their secret question/answer they entered at subscribtion. I can't find anything...
1
sashi
by: sashi | last post by:
Hi everyone, anyone interested in learning Linux Administration http://www.linuxhomenetworking.com/wiki
5
by: 1 | last post by:
I have discovered the secret of the soul The soul is the emotion. The soul and the emotion are completely nonmaterial existence. The consciousness and the emotion are inseparable, which means...
0
by: Laptop secret | last post by:
HI, We may not aware that the laptop you bring around has abig secret inside. Some of expert may have known it and keep it as secret. If you are fond of browsing in internet you may probably...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.