[removed] hiding contents of key

Question

In the code below I want to hide the contents of the key(speaker) key being viewed by browser console.

var App_Version         


        

Answer 1

Javascript code is considered temperable so you can't really hide a password in your code. The best practice is to use oAuth2 which uses temporary tokens(to defer from passwortds) that in conjunction with things like CSRF can make you client side code more secure. Here's one library that can help you do that in JS. It does require that on your server side when accessing resources you need to validate that token (preferably on every call). To some it up if you need to store a password on the browser in order to log into a server - don't. Let the user log in and the afterwards use the token issues by the server or use a third party login and use the token you got from the third party authentication server.

Answer 2

Nice question even I had came across such situation where my API key and authentication token was visible at client side.Obfuscating a client side Javascript file is best option. You can use UglifyJS for obfuscating the clientside code. And also there must be permissions on the server side for creating and deleting objects.