用JavaScript保护数据 [英] Secure data in JavaScript

问题描述

我必须为网络测试创建生成器（使用HTML和JavaScript）。
测试必须离线和在线工作。

正确答案和评分评估必须是生成测试的一部分。
最终用户的分数只能发送到服务器（评估不能在服务器上完成，服务器对问题一无所知 - 它只能保存最终分数）。

有什么方法可以将正确答案作为测试的一部分，并且不允许用户使用Firebug轻松找到它们？

解决方案

theres没有真正的解决您的问题的好方法。您唯一能做的就是缩小或加密您的javascript，使其难以阅读和使用奇怪的变量名称。

you can not 永远隐藏它，因为浏览器本身必须解释它，并且人类可以总是解密并操纵它（例如，使用像你说的那样的萤火虫）。

最好的办法是重建整个事情，不要依赖客户端代码中的安全数据 - 我知道你说这是不可能的，但我确定它是。也许这是复杂的，但唯一真正安全的方式。

编辑：

i忘记了你说它必须离线工作 - 在这种情况下，我同意客户端代码是要走的路......如你所说，你唯一的方法就是加密/缩小，然后希望没有人有足够的动力来处理这些丑陋的代码。

I have to create generator for web tests (using HTML and JavaScript). Test has to work offline and online.

Correct answers and score evaluation must be a part of a generated test. The final user's score is then only sent to the server (evaluation cannot be done on the server and server knows nothing about questions - it only saves the final score).

Is there any way to have the correct answers as a part of the test and do not allow user easily find them using Firebug?

解决方案

theres no realy good solution to your problem. the only thing you can do is minifying or encrypting your javascript to make it hard to read and use weird variable-names.

you can't ever hide it completely because the browser itself has to interpret it and that way a human can always decrypt and manipulate it (using firebug like you said, for example).

the best way would be to rebuild the whole thing to not rely on secure data in client-side code - i know you said it's not possible, but i'm sure it is. maybe it's complicated, but the only really secure way.

EDIT:
i forgot you said it has to work offline - in that case i agree that client-side code is the way to go... as said, your only way is encryption/minification then and hoping no one is motivated enough to work through that ugly code.

这篇关于用JavaScript保护数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！