Look like no one took the ball and ran with it for you, Steve. I was preparing for the RIAcon conference that happened this weekend so couldn't keep up on email until now.
So if you're passing things on the URL, while you can use something like urlencodedformat to make it "safe", that of course doesn't make it "more unreadable". But I think you'll find that binaryencode will work for you, to achieve both goals. (It was added in CF 7.) I realize then the next trick will be being able to decode it in JS. I don't work with that so can't make a suggestion. But do note that the binaryencode function has an argument that offers 3 choices of encoding (Hex, UU--for UUEncoding, and base64). I would expect that JS should have a function (or an available library somewhere) to decode one of those formats. Finally, you may want to test things out yourself first, passing such strings around and decoding them yourself purely in CFML. The complement to the above it binarydecode. Let us know if that helps. /charlie > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Steve Onnis > Sent: Thursday, August 04, 2011 11:30 AM > To: [email protected] > Subject: RE: [cfaussie] JavaScript equivelant to HASH function > > Charlie > > I just mean "not obvious" as you say. It is for an admin system so from > a > client perspective it is more of a perceived security thing more than > anything else. > > I don't like passing things around the URL as it is so this is just to > make > it more difficult to tamper with > > -----Original Message----- > From: charlie arehart [mailto:[email protected]] > Sent: Friday, 5 August 2011 12:36 AM > To: [email protected] > Subject: RE: [cfaussie] JavaScript equivelant to HASH function > > Well, are you sure that's really all you mean? Because you can make it > non-human readable by encoding it, but someone can decode it. So the > question is, in saying "non-human readable", do you mean merely "not > obviously so" (encoding), or "not possibly so" (encrypting, though of > course > even that's not fool-proof, but different levels of encryption add more > protection, generally at higher cost of payload or processing time.) > > But then the next challenge is that you are seeking a solution that is > cross-platform: the same string encoded/encrypted in CF needs to be > decoded/decrypted in JS (or vice-versa). That does really reduce your > candidates for some of the possible alternatives. > > To be clear, I'm not at all trying to be snarky in all this. Just > really > trying to help (and help others help you). > > /charlie > -- You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en.
