
Javascript Masking

  • 05-04-2012 12:43pm
    #1
    Registered Users Posts: 97 ✭✭


    Hi Guys,
    I'm building a web application for the company I work for. Basically it's an animation that ultimately takes a 5 digit code. It's written entirely in jQuery and HTML because it needs to run on mobile devices.

    However, the code can either be a win or lose code. The problem I'm having is that, as it's written in JavaScript, the code validation is done client side, meaning anybody with any knowledge of JS can find out how to win or lose.

    Anyone know if there is a way to mask things like this in JS? Like for example if there was a password validation done client side. I know it's not the right way to do it, but we are this far into the project and it seems like the best option.

    I have another PHP-based solution in my head, but it takes a lot of tinkering that, if avoidable, would be brilliant.

    Andrew


Comments

  • Registered Users Posts: 11,979 ✭✭✭✭Giblet


    Minification and obfuscation are probably your best bets, but as you said, the client has the code, no reason they still couldn't figure it out or hotwire the "Win" function. Validation of this sort is best done server side.


  • Moderators, Society & Culture Moderators Posts: 9,689 Mod ✭✭✭✭stevenmu


    FWIW password validation is never (or at least should never be) done client side either.

    But if you really have to I'd suggest you consider using a hash function such as MD5 or SHA1 to at least make it tricky.

    If you're not familiar with hashing, it's basically a type of one-way encryption. In short you put your 'win' value through a hash function (such as MD5 or SHA1), and it gives you back some encrypted gobbledegook. This is the value that you then put into your JavaScript code. When a user makes a guess, you then hash it using the same function and get back some more encrypted gobbledegook. You can then compare this to your 'win' gobbledegook, and if they match then the user has guessed correctly.

    And because your JavaScript code never contains the actual win value, the user can't just view the file to see what it is. They can just hotwire the win function like Giblet says though.

    jQuery has some hashing libraries available to use:
    http://archive.plugins.jquery.com/project/sha1
    http://archive.plugins.jquery.com/project/md5
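
Giblet's server-side validation combined with the hashing stevenmu describes, as an added example that is not part of the thread: a Node.js check where the browser only submits the guess and the win/lose table never reaches the client. The codes, `SERVER_KEY`, `checkCode` and `handle` are constructed for illustration, and HMAC-SHA-256 from Node's built-in `crypto` module is used in place of the MD5/SHA1 mentioned above.

```javascript
const crypto = require("crypto");

// Assumption: in a real deployment the key is loaded from server-side
// configuration; a random per-process key is enough for this sketch.
const SERVER_KEY = crypto.randomBytes(32);

// Keyed digest of a code. Only the server can compute it.
function digest(code) {
  return crypto.createHmac("sha256", SERVER_KEY).update(code).digest();
}

// Constructed sample codes. Only their digests are stored, server side.
const ISSUED = [
  { tag: digest("48213"), outcome: "win" },
  { tag: digest("10577"), outcome: "lose" },
];

// Validate one guess. Returns { ok, outcome } and never reveals the table.
function checkCode(input) {
  if (typeof input !== "string" || !/^\d{5}$/.test(input)) {
    return { ok: false, outcome: null };
  }
  const tag = digest(input);
  let outcome = null;
  for (const entry of ISSUED) {
    // Constant-time comparison; every entry is checked on every call.
    if (crypto.timingSafeEqual(tag, entry.tag)) outcome = entry.outcome;
  }
  return { ok: outcome !== null, outcome };
}

// Transport-agnostic handler: takes the raw POST body sent by the
// animation, e.g. {"code":"48213"}, and returns what to send back.
function handle(rawBody) {
  let code;
  try {
    code = JSON.parse(rawBody).code;
  } catch (e) {
    return { status: 400, body: JSON.stringify({ error: "bad request" }) };
  }
  const result = checkCode(code);
  // The client learns only the outcome for the code it submitted.
  const outcome = result.ok ? result.outcome : "invalid";
  return { status: 200, body: JSON.stringify({ outcome }) };
}
```

The jQuery front end then decides which animation to play from the `outcome` field of the response, so the page source contains neither the codes nor their hashes.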

