Prev: Discount smet caps( www.nike-black.com )
Next: FAQ Topic - How do I protect my javascript code? (2010-07-10)
From: Evertjan. on 15 Jul 2010 03:59
Stefan Weiss wrote on 15 jul 2010 in comp.lang.javascript:

> I think that's because Opera sees all line endings in the textarea as
> CRLF sequences, while Firefox sees only one LF. Inserting characters
> (even whitespace) into the encrypted text will interfere with the
> decoding. It shouldn't be a big problem, however, because you can just
> normalize the line breaks at the start of the DECODE() function.

Even simpler, just do not augment the password reference letter position on
characters that are not to be converted, like cr, lf, space, tab, y, z.

In Chrome, there is the problem that view-source inserts a space and a \n,
where the original html does not have those, not even in the rendered page,
so the password I computed from the view-source did not fit your [John's]
original page.

Better leave the whole idea of encripting dubious <textarea> contents
alone. Why not just decript javascript strings and only SHOW the original
and the result in a <div>?


--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
From: Dr J R Stockton on 16 Jul 2010 17:59
In comp.lang.javascript message <GYadnQUr1NSbxKPRnZ2dnUVZ8kGdnZ2d(a)gigane
ws.com>, Thu, 15 Jul 2010 02:40:37, Stefan Weiss <krewecherl(a)gmail.com>
posted:

>
>For quite a while I thought that my decryption method must be flawed,
>because I didn't believe you'd actually use such a long password :-)
>

Actually, the password is DFDS, with the additional information that it
must first be expanded by Wikipedia. The other one is DDSG, treated
likewise.

The exercise has shown that, with a really crude and reversible
encoding, there's a measure of security against humans (there should be
full security against ordinary Web crawlers). With reasonable encoding
(such as using Johannes Baagoe's random generators to make a pseudo-one-
time-pad, with a sufficiently long initialising argument) one would do
considerably better.

And, after all, if the FAQ Subject line had intended to call for
*complete* protection, it would have had something like "all access".

It's like locking the doors and windows; that provides reasonable
security, but not against someone with a T-34 or an M1 Abrams.

--
(c) John Stockton, nr London, UK. ?@merlyn.demon.co.uk Turnpike v6.05 MIME.
Web <URL:http://www.merlyn.demon.co.uk/> - FAQqish topics, acronyms & links;
Astro stuff via astron-1.htm, gravity0.htm ; quotings.htm, pascal.htm, etc.
No Encoding. Quotes before replies. Snip well. Write clearly. Don't Mail News.
First  |  Prev  | 
Pages: 1 2
Prev: Discount smet caps( www.nike-black.com )
Next: FAQ Topic - How do I protect my javascript code? (2010-07-10)