3

When I normally return the Ajax/JSON from PHP, the Javascript get it and stores it inside a variable, like: var myJSON = ajaxReturnedJSON; Then Javascript read it.

I'm seriously curious to know if, php encrypts the json: 

echo json_encode($encrypted_data); //using some key like: "abc123"
  • Then, can Javascript decrypt it back by using same key?
  • Is there any common encrypt/decrypt method between php and js?

Note: I understand key will be visible at JS side but i can also use JS Obfucators to hex the whole characters, whole JS file. So more or less it will protect, rather then plain/nothing.

Welcome to any ideas and discussions.

Improve this question
7
  • 5
    Whatever you think you're doing, you aren't. If you're unencrypting something with javascript, you're using a key/encryption method visible for and useable by everyone, hence you might as well not. Commented Jan 28, 2013 at 10:32
  • What's the point in keeping your decrypt code & key in js, when you know that it is readable by the user? Commented Jan 28, 2013 at 10:32
  • So how were the contents of $encrypted_JSON encrypted before? Commented Jan 28, 2013 at 10:32
  • 1
    Do you mean Encode and Decode? This is not the same as Encrypt and Decrypt. You propably mean encode (as json in this case) Commented Jan 28, 2013 at 10:33
  • 1
    Decrypting with JavaScript and key being stored in it is like telling someone hey my door is locked for you but oh here is the key to it Commented Jan 28, 2013 at 10:34

1 Answer 1

Reset to default
3

Sure. Encryption and decryption algorithms are just mathematical operations which can be performed in virtually any programming language. Javascript being a programming language you can implement any decryption algorithm in it you need.

This is typically pretty pointless though if this Javascript is running in the browser. Encryption is used to hide information from somebody. In a server-client scenario, there are three parties: web server, browser/user, third parties. Now:

  • You don't need to hide information from the web server, because that's you.
  • You cannot hide information from the browser/user, since what's the point? Just don't output the information in the first place if you need to hide it. If the browser/Javascript can decrypt the information, so can the user, so it's not hidden.
  • Transport encryption may hide the information from the prying eyes of third parties (men in the middle and such), but for that there's already a better solution: SSL/TLS. Also, if you're sending all the information needed to decrypt data down to the client, third parties can intercept this as well and decrypt the data just like the client.
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

I understand key will be visible at JS side but i can also use JS Obfucators to hex the whole characters, whole JS file. So more or less it will protect, rather then plain and nothing.
It's just obfuscation in any way. If I, the user, want the information, I'll just set a breakpoint on the script which decrypts the information and read the decrypted content right out of memory. Whatever happens in the browser is/can be completely transparent to anybody who knows where to look. It's not secure. What are you trying to hide and why?
Customer Location Coordinates for Google Map. Just need to output on map, but can NOT let it be leaked out.
If you're displaying them on a map... aren't they "leaked"?!
Displaying as pin points are ok, as long as it is huge count, and the exact lat/lng are not given as a one complete data bundle.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.