encrypt value from browser view source_问答_开发者

开发者 https://www.devze.com 2023-03-10 14:31 出处：网络

Is there a way i can encrypt or scramble a certain text so i开发者_运维技巧t cannot from browser view source.For example if i have a video id 117 showing in the view source html, and i want to encrypt

相关专题：javascript php

Is there a way i can encrypt or scramble a certain text so i开发者_运维技巧t cannot from browser view source. For example if i have a video id 117 showing in the view source html, and i want to encrypt that or make it difficult to read, is this possible.

If you want the video link to be useless except in the context of the page you've just returned to the client, you can do something with server-side code.

The usual thing is a one-time or limited-duration ID that's generated specifically for the page. For instance, ab23jjgk23098jajzklwravmzzxwrpo2q3476as rather than 117. On the server, you have a table mapping these one-time / limited-time IDs to the real ID. In the table you can also link the ID to the IP address of the request for the page, and then only respect the ID if the request for the video comes from that same IP address. It's important that the IDs not actually contain the video ID (obfuscated or not), hence the server-side table, and that they be effectively random.

I say "table," but of course it needn't really be a database table. It could be anything that lets you store key/value pairs, such as memcached.

Update based on your comment below.

Without server-side mapping (database, session, memcached, etc.), all you can do is some obfuscation, and it's going to be easy for anyone semi-technical to break. If what you're outputting is a URL (in a link, in an object tag, etc.), you can use URL-encoding to make it hard to read, e.g.:

<a href='video.php?%6e%6f%6e%73%65%6e%73%65=%66%6f%6f&%69%64=%31%31%37&%72%75%62%62%69%73%68=%62%61%72'>video</a>

...which, when clicked, will call your video.php file with the parameters nonsense=foo, id=117, and rubbish=bar (that's what's encoded in the query string, using percent-encoded entities). But again, although it might deter non-technical people, technical people won't be fazed.

Since the browser must be able to properly render the page, the source code will always be available in one way or another.

You can however obfuscate the code quite a bit. Search for html php obfuscation and you'll find good links. Here are a few:

PHP code to obfuscate HTML?
HTML Scrambler
Free HTML Obfuscator

The following code for instance:

<html>
<body>
<a href="videolink.php?id=117">link</a>
</body>
</html>

can be scrambled / obfuscated into

<script language="JavaScript" type="text/javascript">
// Copyright © 2005 Voormedia - WWW.VOORMEDIA.COM
var i,y,x="3c68746d6c3e0d0a3c626f64793e0d0a3c6120687265663d22766964656f6c696e6b2e7068703f69643d313137223e6c696e6b3c2f613e0d0a3c2f626f64793e0d0a3c2f68746d6c3e";y='';for(i=0;i<x.length;i+=2){y+=unescape('%'+x.substr(i,2));}document.write(y);
</script>

In addition to tj's answer, you could also use a session value to direct the user to the video, or even use a limited duration cookie to store the one time id, which expires when the id does, so the user could return to the video if they accidentally navigate off it.

Perhaps make a little flash app that the link calls a method via javascript (see ExternalInterface) that decodes the passed link data and navigates to. Still can be reversed, but much harder then just using the browsers DOM Inspector.

You could also encrypt the link using some strong encryption such as Blowfish and a key only known to the flash app, but really its up to you how secure you want this to be, and again, once that key has been reversed from the flash swf anyone can decode the link data.