Html encryption in perl question

Status
Not open for further replies.

WebmasterA

Programmer
Mar 26, 2004
25
US
Hello everyone.

I was trying to search this forum for an answer to the question I have and I was not able to do so. Therefore I am asking this question.

I need to encrypt my HTML output so other people cannot see the output data because it consists of sensitive data (numbers used for calculation).
I have a perl (.cgi) form that does some calculation using some numbers from the hidden field in the form. I need to hide those numbers from people who can do view source.

Please advise.

Thank you very much.

- Andrey

P.S. Let me know if you need more info about what I am trying to do.
 
Html encryption won't work. The data is still there... Only thing you might be able to do is encrypt the value in the hidden field to a value to which only you have the key.

Other option would be to put the values in a database and get the data you need from the database to calculate the outcome.

This is just theoretical I have no experience with this situation, but theory is the basics for a solution...;-)

InDenial

 
Thank you for the response.

Why would not encryption work? I have seen it done with third party software so I assume that there is a way to do it with perl.

All the data is in the database as it is, but the problem is that the results are calculated by javascript depending on what clients chose - the page is not getting reloaded. So the starting data has to be either stored in hidden fields or javascript variables.
 
Question: if you have the ability to use server side scripting why use javascript? Especially if you are dealing with sensitive data?

I would get rid of the javascript and go perl all the way.

InDenial

 
Agreed, the standard rule of thumb for web programming is trust nothing you get from the user, even if you think it'd be difficult or impossible to fake. Trust me, if it comes from the user, it can be spoofed.

Leave the JS in so the user can see updates in realtime, but back on the server, take the initial figures the JS used to calculate a response and generate it yourself on the server from the initial data. You'll get fewer instances of products "bought" for no money that way.

________________________________________
Andrew
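
Added example, not part of the thread and not any poster's code: a sketch of the server-side recomputation described in the post above. It assumes the radio buttons submit option names rather than figures and that the CGI handler can look the figures up itself; the `%PRICE` and `%SHIPPING` tables, the field names and the sample submissions are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Authoritative figures stay on the server (in practice, the database).
# Constructed values, held as integer cents to avoid floating-point drift.
my %PRICE    = (basic  => 1000, plus => 2500, pro => 6000);
my %SHIPPING = (ground => 500,  air  => 1500);

# Takes the decoded form fields as a hash ref and returns the total in cents
# plus a list of log notes. Dies if a field does not name a known option.
sub server_total {
    my ($form) = @_;
    my $plan = $form->{plan}     // '';
    my $ship = $form->{shipping} // '';
    die "unknown plan\n"     unless exists $PRICE{$plan};
    die "unknown shipping\n" unless exists $SHIPPING{$ship};

    # The total is derived only from server-held figures.
    my $total = $PRICE{$plan} + $SHIPPING{$ship};

    # The figure the browser calculated is never used for charging; a
    # mismatch is only recorded, since it suggests an edited form or stale JS.
    my @notes;
    my $claimed = $form->{total_cents};
    if (defined $claimed && ($claimed !~ /\A\d+\z/ || $claimed != $total)) {
        push @notes, "client total '$claimed' differs from server total $total";
    }
    return ($total, \@notes);
}

# Constructed submissions: an honest one, an edited total, an invented option.
my @submissions = (
    { plan => 'pro',  shipping => 'air', total_cents => 7500 },
    { plan => 'pro',  shipping => 'air', total_cents => 0    },
    { plan => 'gold', shipping => 'air', total_cents => 1    },
);

for my $form (@submissions) {
    my ($total, $notes) = eval { server_total($form) };
    if ($@) { chomp(my $err = $@); print "rejected: $err\n"; next; }
    printf "charge %d.%02d\n", int($total / 100), $total % 100;
    print "  log: $_\n" for @$notes;
}
```

The JavaScript on the page can keep showing a live total for the user; only the value computed here is charged.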
 
Thanks for info guys.

I have a small form with radio buttons that have to be there (data is stored as value of the radio field). I cannot do any calculations serverside. Whatever I do has to be done in javascript. I am not trying to hide the numbers from experienced programmers and hackers. What I want to do is to hide it from regular user/beginner programmer who may want to take a look into the source code.
I have seen it done a while ago and unfortunately I do not remember how it was done.

Thank you.

- Andrey

 
Your best bet is to write it in really hard to follow code. There are javascript obfuscators, but once it's landed in the browser it can be reverse engineered.
--Paul

It's important in life to always strike a happy medium, so if you see someone with a crystal ball, and a smile on their face ... smack the fecker
 