有没有什么办法来隐藏最终用户的JavaScript函数? [英] Is there any way to hide javascript functions from end user?
问题描述
我想用户jQuery的AJAX调用,例如;
I want to user jquery ajax calls, for example;
function addnewteacher(){
$.ajax({
type: "POST",
url: "/actions/dboss/newteacher.php",
data: "uname=" + $("#newteacheruname").val() + "&upass=" + $("#newteacherupass").val() + "&name=" + document.getElementById("newteachername").value + "&surname=" + document.getElementById("newteachersurname").value + "&mobile=" + document.getElementById("newteachermobile").value + "&email=" + document.getElementById("newteacheremail").value,
success: function(html){
$("#response").html(html);
$("#response").dialog("open");
}
});
}
正如你所看到的,我必须放弃数据部分给最终用户。但我想用一个隐藏的功能,然后进行加密解密的服务器,以便大概没有人可以发送和恶意code到服务器仅仅是因为解密后code不会让任何意义,如果没有适当加密。但我必须隐藏用户的功能或使功能的工作只对我?
As you can see, i have to give away the data part to end user. But i want to encrypt it with a hidden function then decrypt it on server so probably no one can send and malicious code to server just because that code wont make any sense after decryption if not properly encrypted. But i have to hide the function from user or make the function work only for me?
感谢任何帮助/想法
推荐答案
您不能隐藏的JavaScript code。它被下载到客户端,并在那里执行。您可以混淆它,推动它的方式在内心深处,任何你想要的,但一个确定的用户仍然可以找到它。您的安全真正需要的服务器,在那里你可以完全控制,客户端,那就是你有任何控制不上。
You cannot hide JavaScript code. It gets downloaded to the client and executed there. You can obfuscate it, push it way deep inside, whatever you want, but a determined user can still find it. Your security really needs to be on the server, where you have complete control, not on the client, where you have no control at all.
确认调用 /actions/dboss/newteacher.php 授权和验证它们从服务器上的有效来源的。通过隐藏的安全是不是安全性。
Make sure calls to /actions/dboss/newteacher.php are authorized and verify they are coming from valid sources on the server. Security through obscurity is not security.
这篇关于有没有什么办法来隐藏最终用户的JavaScript函数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
