How to simply encode and decode a string variable with javascript.

views:

206

answers:

+1 Q:

How to simply encode and decode a string variable with javascript.

I need to simply encode a string variable (my api key) so that is not easily readable by human eyes, I need it to easily decode back to exactly the same initial string. What is the standard practical and fast (less computing on the user side) way to do this?

Many thanks in advance!

+2 A:

If it doesn't have to be super-secure, Base64 encoding is always handy:

http://www.webtoolkit.info/javascript-base64.html

Dave Swersky 2010-04-19 16:12:45

I ended up using http://plugins.jquery.com/project/b64 btw

Mohammad 2010-04-20 08:38:15

Good- just know that this method only makes it inconvenient, but far from impossible, to decode.

Dave Swersky 2010-04-20 11:31:58

I added some extra bits reversed the string, encoded it etc.. haha : ) I guess that makes it hard to know which bits were added especially since its been reversed too ^^ The decoder returns rubbish.

Mohammad 2010-04-21 09:21:17

I'm really "ok" with it being re-engineered so to speak at this point in the project I just want it not to be copy and paste-able you know. I'll need to find some real security sometime soon.

Mohammad 2010-04-21 09:24:15

See this please.

Sarfraz 2010-04-19 16:14:06

Everything you can do to obfuscate information on the client implies that you include the code for de-obfuscation right next to it.

So… apart from adding one extra step for your program (and the hypothetical attacker), you gain nothing. Well, not much anyway.

If your API key is secret, keep it on the server and let the server do the work through HTTP requests.

Tomalak 2010-04-19 16:14:14

Yes! thats true, but since I'm going to obfuscate the javascript functions themselves, which just kinda squishes them together and since the code is petty long, I'm just trying to take the "Ctrl + F" advantage away from them, forcing them to practically re-learn all the code to copy it. Which should discourage the amateurs. It's kind of project related I'm not sure how well I described it.

Mohammad 2010-04-19 16:25:57

@Mohammed: I know it's a thin line. But ask yourself - if it is secret (in terms of "bad things happen when people find out", JS obfuscation is not enough, and running it on the client is inherently dangerous, no matter in what shape or form. If it is not secret in these terms, why bother obfuscating it at all? So... who's your target audience, whom do you drive away?

Tomalak 2010-04-19 16:45:56

Tomalak you're right of course. I'll have to start worrying about that on my next security optimization. Thank you : )

Mohammad 2010-04-19 18:16:48

You could try a Javascript Obfuscator to either encode your whole script or parts. Not an absolute solution but a start to protecting your code.

bigstylee 2010-04-19 16:14:41

you could use a 3rd party base64 encoder library: http://ostermiller.org/utils/Base64.html

derek 2010-04-19 16:14:46

Is this secret information or not?

If it is secret, you need a real encryption library and some deep thinking too make sure your secret is kept secret. I would seriously consider never sending any secret to the browser.

If this isn't secret and you just need need to send this over the URL without it getting borked then escape()/unescape() are what you are looking for.

Mark Porter 2010-04-19 16:20:22

Use of `escape()`/`unescape()` is deprecated: https://developer.mozilla.org/en/Core_JavaScript_1.5_Guide/Predefined_Functions/escape_and_unescape_Functions

Tomalak 2010-04-19 18:28:20

ansaurus

tags:

views:

answers:

How to simply encode and decode a string variable with javascript.

related questions