Re: how to protect javascript codes

Hi.
I know it cannot be guaranteed 100%.

But I found a similar approach on the Mozilla site.

http://www.mozilla.org/projects/security/components/signed-scripts.html

The aim of Signed Script in Mozilla is actually the same as my concerns.

Are there any discussions about the Mozilla signed script project?


On Sat, Nov 17, 2012 at 10:49 AM, Dan Veditz <dveditz@mozilla.com> wrote:

> On 11/16/12 5:07 PM, Mountie Lee wrote:
>
>> The reasons why we need to protect JavaScript code are as follows:
>> - JavaScript code is easily changed on the client side.
>> - The service provider wants to make sure the business logic implemented with
>> JavaScript is exactly the same as the server's.
>>
>
> You can't ever guarantee that. In the trivial case let's say we do come up
> with a fool-proof mechanism, then a user can just create their own client
> without that mechanism (both Gecko and WebKit are open source).
>
> So who's your threat? If it's the user, give up now. The user's computer
> likewise: malware can replace or hack into browser components.
>
> If both the user and site are trustworthy then we can do things to make
> sure the code is reliably transmitted between the two. The WebAppSec
> working group has discussed things along these lines.
>
> -Dan Veditz
>
>


-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net


Received on Saturday, 17 November 2012 02:26:34 UTC