Loading ...
Sorry, an error occurred while loading the content.

JSON Obfuscation via Compression

Expand Messages
  • TCQ
    Has anybody hacked a simple zipping algorithm for JavaScript terse literal constructs such as Arrays and Objects (JSON)? I am doing so much data piping through
    Message 1 of 5 , Dec 20, 2005
    • 0 Attachment
      Has anybody hacked a simple zipping algorithm for JavaScript terse
      literal constructs such as Arrays and Objects (JSON)?

      I am doing so much data piping through these constructs and for
      security reasons would like to obfuscate the data. A very simple zip
      algorithm could be used to acomplish and improve performance with out
      the IE goofienss of g-ziping.

      I am willing to pay a small performance hit client and server side for
      this for the added data security.

      Anybody seen such a hack?

      {id:"JsD"}
    • Andrew Durdin
      ... Obfuscation will not give you good security. If you want security for your data, then the most straightforward way is to use https for your JSON requests.
      Message 2 of 5 , Dec 20, 2005
      • 0 Attachment
        On 12/21/05, TCQ <despam2004@...> wrote:
        > Has anybody hacked a simple zipping algorithm for JavaScript terse
        > literal constructs such as Arrays and Objects (JSON)?
        >
        > I am doing so much data piping through these constructs and for
        > security reasons would like to obfuscate the data. A very simple zip
        > algorithm could be used to acomplish and improve performance with out
        > the IE goofienss of g-ziping.

        Obfuscation will not give you good security. If you want security for
        your data, then the most straightforward way is to use https for your
        JSON requests.

        On the other hand, compression would reduce bandwidth, and might well
        provide a performance boost. Have a look at Dean Edwards' packer
        (http://dean.edwards.name/packer/) for a javascript compressor that
        provides good compression while not relying on slow javascript
        implementations of compression algorithms to expand again.

        Andrew
      • TCQ
        ... for your data, then the most straightforward way is to use https for your JSON requests. I agree and am doing the https route but since I am mostly
        Message 3 of 5 , Dec 20, 2005
        • 0 Attachment
          > Obfuscation will not give you good security. If you want security
          for your data, then the most straightforward way is to use https for
          your JSON requests.

          I agree and am doing the https route but since I am mostly building
          intranet applications, I am more worried about making it easy for
          internal users to extract information that we do not want them easy
          access to. Eg. Customer Lists, etc.

          Being a huge fan of JavaScript application design, I love to leverage
          JavaScript for preformance boosting by storing data in JS files and
          using the caching of the clients browser. But, having such large lists
          on their machine is not a smart thing to do unless you make it very
          difficult to extract the data.

          By obfuscating the data, it will take much more than a joe user to
          extract useful data in a timely manner. Compression is just an added
          benefit.

          > On the other hand, compression would reduce bandwidth, and might
          well provide a performance boost. Have a look at Dean Edwards' packer
          > (http://dean.edwards.name/packer/) for a javascript compressor that
          > provides good compression while not relying on slow javascript
          > implementations of compression algorithms to expand again.

          Sweet. That is exactly the code I was thinking of.

          Thanks!
        • f3l
          http://www.west.co.tt/matt/js/redbug/redbug.html he alzo zips his source, WARNING: the demo may slow down your browser. ... -- //f3l
          Message 4 of 5 , Dec 21, 2005
          • 0 Attachment
            http://www.west.co.tt/matt/js/redbug/redbug.html
            he alzo zips his source, WARNING: the demo may slow down your browser.

            On 12/20/05, TCQ <despam2004@...> wrote:
            >
            > > Obfuscation will not give you good security. If you want security
            > for your data, then the most straightforward way is to use https for
            > your JSON requests.
            >
            > I agree and am doing the https route but since I am mostly building
            > intranet applications, I am more worried about making it easy for
            > internal users to extract information that we do not want them easy
            > access to. Eg. Customer Lists, etc.
            >
            > Being a huge fan of JavaScript application design, I love to leverage
            > JavaScript for preformance boosting by storing data in JS files and
            > using the caching of the clients browser. But, having such large lists
            > on their machine is not a smart thing to do unless you make it very
            > difficult to extract the data.
            >
            > By obfuscating the data, it will take much more than a joe user to
            > extract useful data in a timely manner. Compression is just an added
            > benefit.
            >
            > > On the other hand, compression would reduce bandwidth, and might
            > well provide a performance boost. Have a look at Dean Edwards' packer
            > > (http://dean.edwards.name/packer/) <http://dean.edwards.name/packer/%29>for a javascript compressor that
            > > provides good compression while not relying on slow javascript
            > > implementations of compression algorithms to expand again.
            >
            > Sweet. That is exactly the code I was thinking of.
            >
            > Thanks!
            >
            >
            >
            >
            > ------------------------------
            > YAHOO! GROUPS LINKS
            >
            >
            > - Visit your group "json <http://groups.yahoo.com/group/json>" on
            > the web.
            >
            > - To unsubscribe from this group, send an email to:
            > json-unsubscribe@yahoogroups.com<json-unsubscribe@yahoogroups.com?subject=Unsubscribe>
            >
            > - Your use of Yahoo! Groups is subject to the Yahoo! Terms of
            > Service <http://docs.yahoo.com/info/terms/>.
            >
            >
            > ------------------------------
            >



            --
            //f3l
            http://www.geocities.com/kyoosho/


            [Non-text portions of this message have been removed]
          • Martin Cooper
            ... This may be more than you re looking for, but you might want to take a look at Dojo ShrinkSafe: http://alex.dojotoolkit.org/shrinksafe/ -- Martin Cooper I
            Message 5 of 5 , Dec 21, 2005
            • 0 Attachment
              On 12/20/05, TCQ <despam2004@...> wrote:
              >
              > Has anybody hacked a simple zipping algorithm for JavaScript terse
              > literal constructs such as Arrays and Objects (JSON)?


              This may be more than you're looking for, but you might want to take a look
              at Dojo ShrinkSafe:

              http://alex.dojotoolkit.org/shrinksafe/

              --
              Martin Cooper


              I am doing so much data piping through these constructs and for
              > security reasons would like to obfuscate the data. A very simple zip
              > algorithm could be used to acomplish and improve performance with out
              > the IE goofienss of g-ziping.
              >
              > I am willing to pay a small performance hit client and server side for
              > this for the added data security.
              >
              > Anybody seen such a hack?
              >
              > {id:"JsD"}
              >
              >
              >
              >
              >
              >
              >
              >
              > Yahoo! Groups Links
              >
              >
              >
              >
              >
              >
              >
              >


              [Non-text portions of this message have been removed]
            Your message has been successfully submitted and would be delivered to recipients shortly.