Loading ...
Sorry, an error occurred while loading the content.

Re: JSON Obfuscation via Compression

Expand Messages
  • TCQ
    ... for your data, then the most straightforward way is to use https for your JSON requests. I agree and am doing the https route but since I am mostly
    Message 1 of 5 , Dec 20, 2005
    • 0 Attachment
      > Obfuscation will not give you good security. If you want security
      for your data, then the most straightforward way is to use https for
      your JSON requests.

      I agree and am doing the https route but since I am mostly building
      intranet applications, I am more worried about making it easy for
      internal users to extract information that we do not want them easy
      access to. Eg. Customer Lists, etc.

      Being a huge fan of JavaScript application design, I love to leverage
      JavaScript for preformance boosting by storing data in JS files and
      using the caching of the clients browser. But, having such large lists
      on their machine is not a smart thing to do unless you make it very
      difficult to extract the data.

      By obfuscating the data, it will take much more than a joe user to
      extract useful data in a timely manner. Compression is just an added
      benefit.

      > On the other hand, compression would reduce bandwidth, and might
      well provide a performance boost. Have a look at Dean Edwards' packer
      > (http://dean.edwards.name/packer/) for a javascript compressor that
      > provides good compression while not relying on slow javascript
      > implementations of compression algorithms to expand again.

      Sweet. That is exactly the code I was thinking of.

      Thanks!
    • f3l
      http://www.west.co.tt/matt/js/redbug/redbug.html he alzo zips his source, WARNING: the demo may slow down your browser. ... -- //f3l
      Message 2 of 5 , Dec 21, 2005
      • 0 Attachment
        http://www.west.co.tt/matt/js/redbug/redbug.html
        he alzo zips his source, WARNING: the demo may slow down your browser.

        On 12/20/05, TCQ <despam2004@...> wrote:
        >
        > > Obfuscation will not give you good security. If you want security
        > for your data, then the most straightforward way is to use https for
        > your JSON requests.
        >
        > I agree and am doing the https route but since I am mostly building
        > intranet applications, I am more worried about making it easy for
        > internal users to extract information that we do not want them easy
        > access to. Eg. Customer Lists, etc.
        >
        > Being a huge fan of JavaScript application design, I love to leverage
        > JavaScript for preformance boosting by storing data in JS files and
        > using the caching of the clients browser. But, having such large lists
        > on their machine is not a smart thing to do unless you make it very
        > difficult to extract the data.
        >
        > By obfuscating the data, it will take much more than a joe user to
        > extract useful data in a timely manner. Compression is just an added
        > benefit.
        >
        > > On the other hand, compression would reduce bandwidth, and might
        > well provide a performance boost. Have a look at Dean Edwards' packer
        > > (http://dean.edwards.name/packer/) <http://dean.edwards.name/packer/%29>for a javascript compressor that
        > > provides good compression while not relying on slow javascript
        > > implementations of compression algorithms to expand again.
        >
        > Sweet. That is exactly the code I was thinking of.
        >
        > Thanks!
        >
        >
        >
        >
        > ------------------------------
        > YAHOO! GROUPS LINKS
        >
        >
        > - Visit your group "json <http://groups.yahoo.com/group/json>" on
        > the web.
        >
        > - To unsubscribe from this group, send an email to:
        > json-unsubscribe@yahoogroups.com<json-unsubscribe@yahoogroups.com?subject=Unsubscribe>
        >
        > - Your use of Yahoo! Groups is subject to the Yahoo! Terms of
        > Service <http://docs.yahoo.com/info/terms/>.
        >
        >
        > ------------------------------
        >



        --
        //f3l
        http://www.geocities.com/kyoosho/


        [Non-text portions of this message have been removed]
      • Martin Cooper
        ... This may be more than you re looking for, but you might want to take a look at Dojo ShrinkSafe: http://alex.dojotoolkit.org/shrinksafe/ -- Martin Cooper I
        Message 3 of 5 , Dec 21, 2005
        • 0 Attachment
          On 12/20/05, TCQ <despam2004@...> wrote:
          >
          > Has anybody hacked a simple zipping algorithm for JavaScript terse
          > literal constructs such as Arrays and Objects (JSON)?


          This may be more than you're looking for, but you might want to take a look
          at Dojo ShrinkSafe:

          http://alex.dojotoolkit.org/shrinksafe/

          --
          Martin Cooper


          I am doing so much data piping through these constructs and for
          > security reasons would like to obfuscate the data. A very simple zip
          > algorithm could be used to acomplish and improve performance with out
          > the IE goofienss of g-ziping.
          >
          > I am willing to pay a small performance hit client and server side for
          > this for the added data security.
          >
          > Anybody seen such a hack?
          >
          > {id:"JsD"}
          >
          >
          >
          >
          >
          >
          >
          >
          > Yahoo! Groups Links
          >
          >
          >
          >
          >
          >
          >
          >


          [Non-text portions of this message have been removed]
        Your message has been successfully submitted and would be delivered to recipients shortly.