0

I am creating javascript array dynamically using php for instance I will take one example here

<?php

echo "<script>
           var array={ 
                       'A' : { 
                                'a':123 ,
                                'b':[[1,2],[3,4]]
                             }
                     };

 function dum(arr)
    {           
           window.alert(arr);
    }

dum(array['A']['a']);

</script>";


?>

In my case array which I created holds some very important information which I do not want to share with any of my client, since its impossible to mask view source in browser which I understood from my previous post, so I would like to encrypt it before echo so that in view source client won't be able to understand what this array is, what this array contains, and then I am sending this array to my function in this case its dum, inside function dum I would like to descrypt it, and then I will process.

I hope my approach is clear, negative voters kindly comment so that I will understand my mistake.

Improve this question
7
  • This isn't a good idea. Since your decrypt function is client-side too, this isn't really a safe encryption. Every visitor of your side could see the decrypt function and could decrypt the array. You have to encrypt/decrypt on the server side and store the encrypted information e.g. in an encrypted cookie or something like that. Commented Apr 6, 2014 at 12:08
  • Dear morten.c can you give sample demo, as I don't have much knowledge about it, if you have time please help me Commented Apr 6, 2014 at 12:14
  • @morten.c Such visitor don't even need to use decrypt function, he can simply trace the result value by browser's Developer Tools Commented Apr 6, 2014 at 12:15
  • @hindmost You're right, but I tried to give an idea why this isn't secure by design. Commented Apr 6, 2014 at 12:18
  • @Peter Stick to Quentins answer, start with some reading about php sessions (unfortunatley you could do many things wrong at the beginning). Additionally you could read about encrypted cookies, but in most cases it's better to keep the data away from the client at all. Commented Apr 6, 2014 at 12:20

1 Answer 1

Reset to default
1

While you could encrypt the data before sending it to the client, if you want to do anything with it then you'll also have to send the client instructions on how to decrypt it, which would make the content available to the user.

If you don't want the user to have access to the data, then the only decent option is to never send the data to the browser in the first place.

Keep it on the server. Process it on the server. Associate it with a user using a session.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for your response, but how can I do this ? can you give a demo, if you have time

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.