在Javascript和amp之间混淆POST变量PHP [英] Obfuscating POST variables between Javascript & PHP

问题描述

理想情况下，我想加密变量，所以没有办法弄清楚，不过客户端会通过javascript发送变量，如果看到代码，任何东西都可以解密，我正在寻找替代方案。

Ideally I would want to encrypt the variables so there is no way to figure them out, however given that the client will send the variable via javascript and that anything can be decrypted if they see the code, I am looking for alternatives.

我正在考虑使用将返回HEX类似于md5或sha1的东西，但是加密，然后一些如何将服务器时间或日期纳入变量，以便加密只有1-2分钟才有效。

I was thinking of making using something that would return HEX similar to md5 or sha1 but encryption and then some how incorporate the server time or date into the variable so that the encryption would only be valid for 1-2 minutes.

该JavaScript将具有一个模糊/最小化的功能，可以根据javascript按时加密，然后将其POST到PHP 。只要服务器的日期/时间是X分钟，那么它将正确解密。

The javascript would have an obfuscated/minimized function that would base the encryption on time according to javascript and then POST it to php. As long as the servers date/time was withing X minutes then it would decrypt correctly.

我想发送它似乎是随机数据，并且回到似乎是随机数据。我不想要它是相同的数据。

I'd like to send it what seems to be random data, and get back what seems to be random data. I dont want it to be the same data.

这是最好的方法吗？我只是试图阻止尝试使用HTTP嗅探器的人。我知道一旦他们得到了javascript源码，没有什么可以阻止它给出足够的时间/了解发生了什么。

Is this the best method? I am only trying to stop people who try to use HTTP sniffers. I know once they get to the javascript source nothing could prevent it given enough time/understanding of what's going on.

如果你要发布实际的代码，记住，功能/能力应该存在于javascript和PHP5（< 5.3）上。我希望本机简单/小功能不会为JS和PHP实现一个巨大的第三方类。

If you are going to post actual code, remember that the function/ability should exist on both javascript and PHP5 (< 5.3). I would like native simple/small functions not implement a huge third party class for JS and PHP.

编辑：SSL / HTTPS不成问题。

SSL/HTTPS is out of the question.

推荐答案

我认为HTTPS是不成问题的。

I assume HTTPS is out of the question.

你有没有想过ROT ？至少愚蠢的简单实现：

Have you thought about ROT? Stupid simple implementation at least:

var output = "";
for(var i = 0; i < input.length; i++)
{
    char = ( input.charCodeAt(i) + SOME_NUMBER ) %255;
    output += String.fromCharacterCode( char )
}

然后， PHP

$chars = $_POST['chars'];
$output = "";
for($i = 0; $i < strlen($chars); $i++ )
{
    $char = ord($chars[$i]) - SOME_NUMBER;
    if($char < 0 )$char += 255;
    $output .= chr($char);
}

这篇关于在Javascript和amp之间混淆POST变量PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！