Re: Web Forms filtered with SQL constraints

["saphyr" <saphyr () infomaniak ch>]

Hi list !

HTML code source can be obfuscated through a javascript method.
BUT obfuscation only means what it means: obfuscation and neither
'encryption' nor 'hashing'.

Javascript has access to the document object model at runtime. Many
document childs do have some 'value' or 'text' or even 'innerhtml'
members, which can be modified at run time.

Here's an example of what you might be interrested into. Please take
assumption that I quite never code in javascript so that this only a
proof of concept, and might have many errors in it...

---------------------jsscript.asp----------------------------
var longstring = "iucpoint48cn09450945u90newuwpio....
          ... many lines of longstring....
         dfjkséfkj";

function decrypt(astring)
{
        //some decryption algorithm here
}
---------------------jsscript.asp----------------------------



---------------------obfuscated.html----------------------------
<script src="jsscript.asp">
<script>
    var contentComponent = document.getElementById("pagecontent");
    contentComponent.innerHTML = decrypt(longstring);
</script>

<div id="pagecontent">
</div>
---------------------obfuscated.html----------------------------


The game here is to generate the 'jsscript.asp' dynamically in order
to put the encrypted string into it. The hacker will have to understand
the decryption algorithm to decipher the text.

Assuming the decryption algorithm should be clearly accessible, this
method should only be used as an end-user  protection measure. Any
good hacker will quickly find the way to reverse the decryption algorithm.

my 2 swiss francs..

.antoine







------------oOoo---Ôô----ooOo---------------------------
http://www.nxtg.net/saphyr/  (blog perso)
http://www.nxtg.net/is/ (blog - fr - communication web)
http://dotnetjunkies.com/weblogs/afontes/ (blog - fr - communication web)
E-mail: monprenom () mondomaine net
-------------------------------------------------------------