Obfuscate file names in webpage_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-22 13:27 出处：网络

I\'m creating a web-application which will be taking survey-type data. Users are presented with several files and asked a question. The user, in the hope of not skewing data, must not be able to know

I'm creating a web-application which will be taking survey-type data. Users are presented with several files and asked a question. The user, in the hope of not skewing data, must not be able to know the file name of the file.

An empty div is created for a JPlayer instance to sit in, and I have added the "location" attribute to the div, so while setting up the JPlayer instance on the client side the JPlayer knows what .wav to play

 <div id="jquery_jplayer" class="jp-jplayer" location="sound.wav"></div>

Here is part of the javascript which sets up the sounds to be played and here its easy to see that the f开发者_开发技巧ile location is simply dragged from the div

$("#jquery_jplayer").jPlayer("setMedia", {
    wav: $(this).attr("location")
});

Basically, the intention is to hide "sound.wav" from the HTML document and keep the javascript dynamic. A translation file between obfuscated and deobfuscated could be possible but it would be nice to keep this dynamic.

If you want to truly hide logic from your viewers, then you need to do it server-side rather than with client-side javascript. You can "complicate" the dissection of what is happening in the client-side code, but you cannot truly hide it.

If you want further help with the obfuscation, you'll have to describe better what you're really trying to do. The current description doesn't seem to offer enough information. What is this file path? What is it being used for? Why do you need to hide it?

If what you really want is just a Javascript function to obfuscate and de-obfuscate the sound filename, you can find lots of options with Google depending upon how elaborate you want to get. My guess here is that the determined cheat won't be fooled (since all the code is there for deobfuscating) so all you're really trying to do is make it non-obvious at first glance. Thus, any simple algorithm will do.

Since you're already using jQuery, here's a jQuery that does simple string obfuscation: http://plugins.jquery.com/project/RotationalStringObfuscator. You'd have to run the obfuscator yourself in some sort of test app to record what the server should set each filename to and then do the reverse in the client when you want to actually use the filename.

If you ask me, a better solution would be to give the filenames non-meaningful names from the beginning. This would be names like 395678264.wav and just use them that way (on both server and client). Then, the name is meaningless to anyone snooping. No deobfuscation or translation table is required because this is the real filename.