
I am creating a JavaScript array dynamically using PHP. For instance, I will take one example here:

<?php

echo "<script>
    var array = {
        'A': {
            'a': 123,
            'b': [[1, 2], [3, 4]]
        }
    };

    function dum(arr) {
        window.alert(arr);
    }

    dum(array['A']['a']);
</script>";

?>

In my case, the array which I created holds some very important information which I do not want to share with any of my clients. Since it's impossible to mask view source in the browser, which I understood from my previous post, I would like to encrypt it before the echo so that in view source the client won't be able to understand what this array is or what it contains. Then I am sending this array to my function, in this case dum. Inside the function dum I would like to decrypt it, and then I will process it.

I hope my approach is clear. Negative voters, kindly comment so that I will understand my mistake.

    
This isn't a good idea. Since your decrypt function is client-side too, this isn't really a safe encryption. Every visitor of your site could see the decrypt function and could decrypt the array. You have to encrypt/decrypt on the server side and store the encrypted information e.g. in an encrypted cookie or something like that. –  morten.c Apr 6 at 12:08
    
Dear morten.c, can you give a sample demo, as I don't have much knowledge about it? If you have time, please help me. –  Peter Apr 6 at 12:14
    
@morten.c Such a visitor doesn't even need to use the decrypt function; he can simply trace the result value with the browser's Developer Tools –  hindmost Apr 6 at 12:15
    
@hindmost You're right, but I tried to give an idea why this isn't secure by design. –  morten.c Apr 6 at 12:18
    
@Peter Stick to Quentin's answer, start with some reading about PHP sessions (unfortunately you could do many things wrong at the beginning). Additionally you could read about encrypted cookies, but in most cases it's better to keep the data away from the client at all. –  morten.c Apr 6 at 12:20

1 Answer

While you could encrypt the data before sending it to the client, if you want to do anything with it then you'll also have to send the client instructions on how to decrypt it, which would make the content available to the user.

If you don't want the user to have access to the data, then the only decent option is to never send the data to the browser in the first place.

Keep it on the server. Process it on the server. Associate it with a user using a session.

    
Thanks for your response, but how can I do this? Can you give a demo, if you have time? –  Peter Apr 6 at 12:16
    
php.net/sessions makes a sensible starting point. –  Quentin Apr 6 at 12:16
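
One way to apply the answer's advice, as an added example that is not part of the original answer or comments: the array stays in the server-side session and the browser receives only the result of an allow-listed operation. The endpoint name lookup.php, the op parameter, the process() function and the operation names are hypothetical, and the example assumes PHP 7.3 or later served over HTTPS.

```php
<?php
declare(strict_types=1);
// Added example (hypothetical file name: lookup.php), not code from the page.
// The browser requests lookup.php?op=b_row_count and gets back only the
// processed result; the array itself never appears in the page source.

session_set_cookie_params([
    'httponly' => true,       // session cookie is not readable from page JavaScript
    'secure'   => true,       // assumption: the site is served over HTTPS
    'samesite' => 'Strict',
]);
session_start();

// Constructed sample data mirroring the question's array. It is kept in the
// server-side session store; only the session ID is sent to the browser.
if (!isset($_SESSION['data'])) {
    $_SESSION['data'] = ['A' => ['a' => 123, 'b' => [[1, 2], [3, 4]]]];
}

// Server-side replacement for the client-side dum(): each allow-listed
// operation decides exactly what the client is permitted to learn.
function process(array $data, string $op): ?array
{
    switch ($op) {
        case 'a_is_positive':
            return ['result' => $data['A']['a'] > 0];
        case 'b_row_count':
            return ['result' => count($data['A']['b'])];
        default:
            return null;      // unknown operation: reveal nothing
    }
}

// $_GET['op'] can be an array (op[]=x), so check the type before use.
$op  = $_GET['op'] ?? '';
$out = is_string($op) ? process($_SESSION['data'], $op) : null;

header('Content-Type: application/json');
header('Cache-Control: no-store');
if ($out === null) {
    http_response_code(400);
    $out = ['error' => 'unknown operation'];
}
echo json_encode($out);
```

Client-side script then calls this endpoint (for example with fetch) and works with the returned result instead of the raw array.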