trey.bason
I know everyone who uses JavaScript at some point tries to think of a
way to hide it from curious users/hackers, so here goes my question.
I am trying to display an image map and keep the coords of the active
areas hidden from users. I have a page named test.htm that includes a
file get.php in a <script> tag that will dynamically generate some
JavaScript to write the imagemap. The get.php file will write a unique
key to a session that will identify each request. The get.php file will
make an Ajax call to a file named get2.php. The get2.php file will
check the unique key in the session to make sure the request is valid.
If the request is valid get2.php will return a string which will be
JavaScript that creates an array for the coords of the imagemap.
Something like:
var arr = new Array(10, 10, 20, 20);
After the Ajax call is successful get.php will do an eval() on the
string returned from get2.php to set the coords of the active area of
the imagemap. The get2.php request would expire, so that a user could
not simply do a request for the file in his browser and see what is
returned. Also the coords will change with each request, so figuring
out how to see the data in get2.php will be irrelevant as it will
always change.
My concern is: Is there a way to pull out what has been written to the
browser in that eval() in get.php?
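
Added example, not part of the original post: a JavaScript simulation of the flow described above, with get.php and get2.php modelled as plain functions and the session as a Map (all function and variable names other than arr are assumptions). It shows that the one-time key does reject a repeated request, while the evaluated array is still an ordinary page global that any script or console in the same page can read.

```javascript
// Constructed simulation of the flow in the post. get.php and get2.php are
// modelled as plain functions and the PHP session as an in-memory Map.
const session = new Map();

// Random one-time key (Node's crypto module, or Web Crypto where require is absent).
const newKey = () =>
  typeof require === "function"
    ? require("node:crypto").randomUUID()
    : globalThis.crypto.randomUUID();

// get.php: stores a one-time key in the session and hands it to the page script.
function getPhp(sessionId) {
  const key = newKey();
  session.set(sessionId, key);
  return key;
}

// get2.php: valid only once per key; returns JavaScript source with fresh coords.
function get2Php(sessionId, key) {
  if (!session.has(sessionId) || session.get(sessionId) !== key) {
    return { status: 403, body: "" };
  }
  session.delete(sessionId); // the request "expires" after first use
  const x = Math.floor(Math.random() * 100);
  const y = Math.floor(Math.random() * 100);
  const coords = [x, y, x + 10, y + 10];
  // coords is returned separately only so the simulation can compare values.
  return { status: 200, body: `var arr = new Array(${coords.join(", ")});`, coords };
}

// The page script: fetches the string and evals it, as the post describes.
function runPage(sessionId) {
  const key = getPhp(sessionId);
  const first = get2Php(sessionId, key);
  (0, eval)(first.body); // indirect eval: arr becomes a page global
  const replay = get2Php(sessionId, key); // second request with the same key
  return {
    replayStatus: replay.status,
    sentByServer: first.coords,
    readableInPage: Array.from(globalThis.arr),
  };
}

const result = runPage("sess-1");
console.log(result);
```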