私钥的客户端存储
[英]client-side storage of private key
问题描述
I know that we're not supposed to "trust" the client because JavaScript is an interpreted language and it is trivial to inspect variables, even with code obfuscation and uglifying. 
我知道我们不应该“信任”客户端,因为JavaScript是一种解释型语言,即使使用代码混淆和丑化,检查变量也是微不足道的。
Still, I wanted to ask the following : 不过,我想问下列问题:
- is it possible to store a variable that is very hard to access? 是否可以存储一个非常难以访问的变量? ie some kind of javascript trigger that is able to detect when the event loop has been stopped (and react accordingly?) 即某种javascript触发器能够检测到事件循环何时停止(并做出相应的反应?)
- ie I wanted to store a secret value in the client but I didn't want clients to actually go and look at what the value actually was. 即我想在客户端存储一个秘密值,但我不希望客户真正去看看实际值是多少。
thanks 谢谢
Follow-up : even if the client can find the variable, is it possible to detect tampering of the variable? 跟进:即使客户端可以找到变量,是否可以检测到变量的篡改? ie some polling between the client/server such that if the client event loop doesn't respond periodically every X seconds then the server considers the client compromised? 即在客户端/服务器之间进行一些轮询,这样如果客户端事件循环每隔X秒没有定期响应,那么服务器会认为客户端受到了损害?
1 个解决方案
解决方案1
4 2012-11-13 19:04:50
如果客户端拥有它,客户端可以找到它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.