
What is the best and most secure way to encrypt Ajax data?

I'm developing a website where people will be able to register and access different data via Ajax (powered by jQuery). This is all simple and I shall have no problems doing it. The issue is that the data shown by Ajax needs to be secure and not available to be parsed through remote scripts. I can encrypt the data through AES (in PHP) and decrypt it successfully in JavaScript, but the JavaScript code will always be visible to everyone (after login). I can use an obfuscator and JavaScript encryption, but both ways, even mixed, are not secure enough and are decryptable. I would prefer avoiding SSL connections, since I am trying to prevent registered users from accessing the information and the SSL connection would only prevent unregistered users from accessing the data.

Registered users will be able to earn money and will therefore be very interested in cheating the code; this is why it has to be bulletproof.

Unfortunately the system definitely needs Ajax (the whole working principle needs to be based on Ajax). The ideal solution would be a way to save the encryption key in a place that can be written by PHP and accessed by JavaScript, but not by users, remote script parsers etc.

Does anyone know a way to create a secure Ajax connection for this purpose?

I really appreciate all your help.

You want something that browsers do not do.

You've asked for: "The ideal solution would be a way to save the encryption key on a place that can be saved by php and accessed by javascript, but not by users, remote script parsers etc."

The design of the web browser and the JavaScript engine in the browser is such that any JavaScript that the web browser can execute can be seen by a human who wants to look at it, steal it, borrow it, whatever. Period. There is NO such place that can be accessed by JavaScript, but not by users or remote script parsers. You will have to rethink how your app works if this is a problem. Most likely, you need to keep the secret stuff on the server and do more work on the server and less work on the client in order to protect what you want to protect. If you think about it, a browser is just a remote script parser, so if you prevent remote script parsing, you prevent a browser. If you allow a browser, you allow a remote script parser.

You can obfuscate your JavaScript to your heart's content if you want. That will make it a little more work for a human to understand and do something useful with it, but it will only be an additional obstacle that any determined and competent person can defeat if they really want to. If this secrecy is really important to you, then you need to rethink the design of the app so that secret information is not required in the browser and the browser just works as a display and interaction engine.

Just so I'm clear here. Any code that can be executed by a browser must, by definition, be something that any user or any tool can download and inspect. You can use SSL to protect data from snoopers in transport, but it ultimately has to be readable as JavaScript for the browser to be able to execute it.

You can't do exactly what you want. It's like a cheat-proof game design. You CAN make it HARDER, even MORE hard, but NOT 100% secure. You've got to solve the problem from a different approach, like, whatever that is, examine the actions at server-side (e.g. in a stateful manner) and try to detect any non-human behavior. But it's only a matter of someone creating a realistic bot that mimics the behavior of humans. Encryption is used for preventing 3rd parties -- other than the server and the client -- from eavesdropping/capturing data, NOT for the client. I'm not saying give up on the whole thing, but try a different approach to secure the system. I want to help more, but don't know what exactly you are trying to achieve.

Authentication is the only way to do it.

Just get your users to authenticate (login) and send them the random seed and salt you've used to encrypt their data.

Without the seed/salt, even though a malicious user can decrypt your data it will still be garbage.

If you want JavaScript to use a piece of data then clients use that data.

If you don't want data to be re-used, set up a server-side system where each chunk of data is only valid once.

Proper authentication should solve all these problems.

I want the users to be able to see the data only when Ajax displays them.

Then load the data when Ajax gets it and not before. Or only partially load data and off-load any sensitive work to the server.

I think the best practice is to make your code (production code) so complicated that it can't be read or edited: you should rename all variables using letters [a-z], and you should not declare any function but always use function(){} inside another function(){}. That way the logic is more complex; the client can still see the code but can't do anything with it. Edit: I realize this is terrible advice.
