By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,636 Members | 1,213 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,636 IT Pros & Developers. It's quick & easy.

Secret Variable

P: n/a
I have puzzle in which I need to hash a value comprised of 2 form
fields and a shared password before submitting form to external web
application.

My question is, what are the possibilities for doing something like
this in JavaScript? In pseudo code terms I need to:

var myHash = someHashFunction("sharedSecret" + form.field1 +
form.field2)

but I do not wish to hardcode "sharedSecret" as it will be seen by the
browser. Certainly I can hide it a little in other js files, but this
is no real solution. I would like to do:

var myHash = someHashFunction(someVar + form.field1 + form.field2)

in which the client's browser never sees the value stored in someVar,
and where someVar is defined can never be accessed by a browser. I
wish this to be secret and protected.

In JSP perhaps I would read this from a protected properties file or
database, but this is JavaScript and not server-side scripting
language. Do you have any suggestion for me?
Aug 8 '08 #1
Share this Question
Share on Google+
2 Replies


P: n/a
sanjay.bidi1 wrote:
I have puzzle in which I need to hash a value comprised of 2 form
fields and a shared password before submitting form to external web
application.

My question is, what are the possibilities for doing something like
this in JavaScript? In pseudo code terms I need to:

var myHash = someHashFunction("sharedSecret" + form.field1 +
form.field2)

but I do not wish to hardcode "sharedSecret" as it will be seen by the
browser. Certainly I can hide it a little in other js files, but this
is no real solution. I would like to do:

var myHash = someHashFunction(someVar + form.field1 + form.field2)

in which the client's browser never sees the value stored in someVar,
and where someVar is defined can never be accessed by a browser. I
wish this to be secret and protected.

In JSP perhaps I would read this from a protected properties file or
database, but this is JavaScript and not server-side scripting
language. Do you have any suggestion for me?
Why not use AJAX and have the hashing done server side?

Jeff
Aug 8 '08 #2

P: n/a
On Fri, 08 Aug 2008 07:57:38 -0700, sanjay.bidi1 wrote:
I have puzzle in which I need to hash a value comprised of 2 form fields
and a shared password before submitting form to external web
application.

My question is, what are the possibilities for doing something like this
in JavaScript? In pseudo code terms I need to:

var myHash = someHashFunction("sharedSecret" + form.field1 +
form.field2)

but I do not wish to hardcode "sharedSecret" as it will be seen by the
browser. Certainly I can hide it a little in other js files, but this
is no real solution. I would like to do:

var myHash = someHashFunction(someVar + form.field1 + form.field2)

in which the client's browser never sees the value stored in someVar,
and where someVar is defined can never be accessed by a browser. I wish
this to be secret and protected.

In JSP perhaps I would read this from a protected properties file or
database, but this is JavaScript and not server-side scripting language.
Do you have any suggestion for me?
There is no way to keep something secret in Javascript, but I'm glad
you see that obfuscating isn't the answer.

Three solutions come to mind:

a) Have some AJAX-type thing compute your hash and return it.

b) Calculate the hash server-side after the form is submitted.
Since having a non-JS fallback is always best, that is the
approach I'd be tempted to take.

c) Look for a different hash method. Sans context, I'm not sure
what you are doing but at first guess it appears you are trying
to salt your hash.
Aug 8 '08 #3

This discussion thread is closed

Replies have been disabled for this discussion.