在javascript中使用公钥/私钥 [英] using public/private keys in javascript

问题描述

我需要向我的服务器发送一个 ajax POST 请求.

I need to send an ajax POST request to my server.

我需要确保请求来自脚本本身，而不是来自用户自己编写请求.有没有安全的方法来做到这一点?脚本可以对 POST 请求进行签名或编码，然后由服务器的私钥解密吗?我可以以某种方式阻止用户使用我的公钥进行加密吗?

I'll need to make sure that the request originated from the script itself, and not from a user writing the request him/her self. Is there any secure way to do this? Can the script sign or encode the POST request, later to be decrypted by the server's private key? and can I somehow prevent the user from encrypting using my public key?

我这样做不是为了过滤目的 - 所以简单的旧服务器端验证是行不通的.

I'm not doing this just for filtering purposes - so plain old server-side validation just won't do.

推荐答案

其他答案是正确的:这从根本上是不可能的.从实用的角度来看，您能做的最好的事情可能就是研究一些非常讨厌的方法来混淆您的 JavaScript 以阻止可能试图查看它的人，但您可以放心，有动力的人可以轻松解决这个问题.http://en.wikipedia.org/wiki/Obfuscated_code

The other answers are correct: this is fundamentally impossible. Probably the best you can do from a pragmatic point of view is to look into really nasty ways to obfuscate your JavaScript to discourage people who might try to look at it, but you can be assured that someone motivated can work around this without too much effort. http://en.wikipedia.org/wiki/Obfuscated_code

这篇关于在javascript中使用公钥/私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！