发表新帖
发表新帖

[removed] hiding contents of key

前端 未结
关注
8 1264
梦谈多话
梦谈多话 2020-12-22 14:04

In the code below I want to hide the contents of the key(speaker) key being viewed by browser console.

var App_Version
相关标签:
8条回答
  • 被撕碎了的回忆
    2020-12-22 14:45

    using jwt we can encrypt data.try this link

    0 讨论(0)
  • 隐瞒了意图╮
    2020-12-22 14:46

    although it's not fully clear from the small code provided, protecting it from the browsers console is straight forward IF we are only talking about someone console.logging the value (as your question seems to hint).

    you can put it inside a closure, something like a revealing/modular pattern:

    var app = (function () {

    var Speaker = "something";
    // only available on app declaration as the function is immediately called
    return // some object/function protecting the speaker value
})();

console.log(Speaker); // gives an error
console.log(app.Speaker); // gives an error

    This of course only stops someone using basic dev tools like console.log, it wont stop someone adding breakpoints. the nature of javascript I'm afraid

    0 讨论(0)
  • 南方客
    2020-12-22 14:53

    If var Speaker = "password"; is hardcoded somewhere in your client code, you are out of luck. See Password encryption at client side, and Howto hide Credentials in a pure Javascript HTML Web App and Is it worth hashing passwords on the client side because everyone will say not to hide/obfuscate a password on the client-side.

    However, If you really, really just want to remove the password altogether from your client code, then use a server-side script to "proxy" your AJAX request and silently add the password as a POST parameter (for example) in transit to the true destination. See Angular REST API security

    If you are adamant about using some kind of crypto on the client-side, I found angularjs-crypto which is an "AngularJS module for decryption/encryption of JSON in HTTP requests/responses". It is based on crypto-js. I still strongly against taking a hardcoded password and encrypting it on the client-side, however.

    0 讨论(0)
  • 暗喜
    2020-12-22 14:55

    There is no way in Javascript to hide the contents of a variable without unsetting the variable, which is of no use to you if you need to reference whatever that value was later. A few options to choose from, depending on exactly what you need would be this:

    Hashing the value

    You could has the value with MD5 or SHA. This way the user doesn't know what the value is but you can still send it off to the server and store it that way

    Store the value on the server

    You could store the value on the server and reference it with some sort of key. That way the user never sees the actual value, they are just checking the server to see if the value they have matches what the server has.

    If this is a password that is being generated and we never want the user to see it, your best bet is to handle all of that on there server, this way there is no chance the user will ever even have the value on the client side.

    0 讨论(0)
  • 庸人自扰
    2020-12-22 15:00

    Well you can't "hide" javascript.

    You can encrypt it with an obfuscator but most people can decrypt it using a beautyfier. However check this out:

    OBFUSCATOR

    0 讨论(0)
  • 说谎
    2020-12-22 15:00

    Well you can't "hide" javascript. but you can encrypt them using OBFUSCATOR and other tools

    0 讨论(0)
 看不清?
提交回复
热议问题