Loading ...
Sorry, an error occurred while loading the content.

Re: [json] JSON Obfuscation via Compression

Expand Messages
  • Andrew Durdin
    ... Obfuscation will not give you good security. If you want security for your data, then the most straightforward way is to use https for your JSON requests.
    Message 1 of 5 , Dec 20, 2005
    • 0 Attachment
      On 12/21/05, TCQ <despam2004@...> wrote:
      > Has anybody hacked a simple zipping algorithm for JavaScript terse
      > literal constructs such as Arrays and Objects (JSON)?
      >
      > I am doing so much data piping through these constructs and for
      > security reasons would like to obfuscate the data. A very simple zip
      > algorithm could be used to acomplish and improve performance with out
      > the IE goofienss of g-ziping.

      Obfuscation will not give you good security. If you want security for
      your data, then the most straightforward way is to use https for your
      JSON requests.

      On the other hand, compression would reduce bandwidth, and might well
      provide a performance boost. Have a look at Dean Edwards' packer
      (http://dean.edwards.name/packer/) for a javascript compressor that
      provides good compression while not relying on slow javascript
      implementations of compression algorithms to expand again.

      Andrew
    • TCQ
      ... for your data, then the most straightforward way is to use https for your JSON requests. I agree and am doing the https route but since I am mostly
      Message 2 of 5 , Dec 20, 2005
      • 0 Attachment
        > Obfuscation will not give you good security. If you want security
        for your data, then the most straightforward way is to use https for
        your JSON requests.

        I agree and am doing the https route but since I am mostly building
        intranet applications, I am more worried about making it easy for
        internal users to extract information that we do not want them easy
        access to. Eg. Customer Lists, etc.

        Being a huge fan of JavaScript application design, I love to leverage
        JavaScript for preformance boosting by storing data in JS files and
        using the caching of the clients browser. But, having such large lists
        on their machine is not a smart thing to do unless you make it very
        difficult to extract the data.

        By obfuscating the data, it will take much more than a joe user to
        extract useful data in a timely manner. Compression is just an added
        benefit.

        > On the other hand, compression would reduce bandwidth, and might
        well provide a performance boost. Have a look at Dean Edwards' packer
        > (http://dean.edwards.name/packer/) for a javascript compressor that
        > provides good compression while not relying on slow javascript
        > implementations of compression algorithms to expand again.

        Sweet. That is exactly the code I was thinking of.

        Thanks!
      • f3l
        http://www.west.co.tt/matt/js/redbug/redbug.html he alzo zips his source, WARNING: the demo may slow down your browser. ... -- //f3l
        Message 3 of 5 , Dec 21, 2005
        • 0 Attachment
          http://www.west.co.tt/matt/js/redbug/redbug.html
          he alzo zips his source, WARNING: the demo may slow down your browser.

          On 12/20/05, TCQ <despam2004@...> wrote:
          >
          > > Obfuscation will not give you good security. If you want security
          > for your data, then the most straightforward way is to use https for
          > your JSON requests.
          >
          > I agree and am doing the https route but since I am mostly building
          > intranet applications, I am more worried about making it easy for
          > internal users to extract information that we do not want them easy
          > access to. Eg. Customer Lists, etc.
          >
          > Being a huge fan of JavaScript application design, I love to leverage
          > JavaScript for preformance boosting by storing data in JS files and
          > using the caching of the clients browser. But, having such large lists
          > on their machine is not a smart thing to do unless you make it very
          > difficult to extract the data.
          >
          > By obfuscating the data, it will take much more than a joe user to
          > extract useful data in a timely manner. Compression is just an added
          > benefit.
          >
          > > On the other hand, compression would reduce bandwidth, and might
          > well provide a performance boost. Have a look at Dean Edwards' packer
          > > (http://dean.edwards.name/packer/) <http://dean.edwards.name/packer/%29>for a javascript compressor that
          > > provides good compression while not relying on slow javascript
          > > implementations of compression algorithms to expand again.
          >
          > Sweet. That is exactly the code I was thinking of.
          >
          > Thanks!
          >
          >
          >
          >
          > ------------------------------
          > YAHOO! GROUPS LINKS
          >
          >
          > - Visit your group "json <http://groups.yahoo.com/group/json>" on
          > the web.
          >
          > - To unsubscribe from this group, send an email to:
          > json-unsubscribe@yahoogroups.com<json-unsubscribe@yahoogroups.com?subject=Unsubscribe>
          >
          > - Your use of Yahoo! Groups is subject to the Yahoo! Terms of
          > Service <http://docs.yahoo.com/info/terms/>.
          >
          >
          > ------------------------------
          >



          --
          //f3l
          http://www.geocities.com/kyoosho/


          [Non-text portions of this message have been removed]
        • Martin Cooper
          ... This may be more than you re looking for, but you might want to take a look at Dojo ShrinkSafe: http://alex.dojotoolkit.org/shrinksafe/ -- Martin Cooper I
          Message 4 of 5 , Dec 21, 2005
          • 0 Attachment
            On 12/20/05, TCQ <despam2004@...> wrote:
            >
            > Has anybody hacked a simple zipping algorithm for JavaScript terse
            > literal constructs such as Arrays and Objects (JSON)?


            This may be more than you're looking for, but you might want to take a look
            at Dojo ShrinkSafe:

            http://alex.dojotoolkit.org/shrinksafe/

            --
            Martin Cooper


            I am doing so much data piping through these constructs and for
            > security reasons would like to obfuscate the data. A very simple zip
            > algorithm could be used to acomplish and improve performance with out
            > the IE goofienss of g-ziping.
            >
            > I am willing to pay a small performance hit client and server side for
            > this for the added data security.
            >
            > Anybody seen such a hack?
            >
            > {id:"JsD"}
            >
            >
            >
            >
            >
            >
            >
            >
            > Yahoo! Groups Links
            >
            >
            >
            >
            >
            >
            >
            >


            [Non-text portions of this message have been removed]
          Your message has been successfully submitted and would be delivered to recipients shortly.