www.webdeveloper.com
Results 1 to 3 of 3

Thread: Why I think JQuery is misused and an interesting idea for extra security *Non-qstn

  1. #1
    Join Date
    Mar 2012
    Posts
    202

    Why I think JQuery is misused and an interesting idea for extra security *Non-qstn

    First off -- Why I think JQuery is misused

    JQuery is a JavaScript library, which has been coded with JavaScript to make it simpler to develop applications with cross-browser support for commonly used JavaScript functions. However, with the improvements made in cross-browser JavaScript support and functions, JQuery is becoming increasingly unnecessary. I think it's absolutely ridiculous when I see people using JQuery for small projects, literally quadrupling the amount of work to be done by the browser just so that the person coding doesn't have to type in "document.getElementById" a half-dozen times. The only time you should really use JQuery is if the time saved is actually more important than the quality of the end product, which I don't think should ever be the case.

    And secondly -- My interesting idea for extra security

    I've been programming a Chrome extension for securely managing (using crypto) login data and cookie sessions for multiple users locally. What I'm looking to protect is the logged in user's "Master Random Password" (MRPW) value, which is a global variable and is used for encrypting and decrypting purposes while the user is logged in. Specifically, I want to protect this value from being extracted from XSS-like attacks or even from a person with direct access to the JavaScript console window. What I came up with is a very simple proof of concept, the concept being that I can create a JavaScript variable and protect it from being read, override that variable, and use it for calculations (such as encryption/decryption).

    Code:
    var LiUMRPW = {};
    function SecureMRPWInit() {
    	var SecureMRPW = "";
    	LiUMRPW.Set = function(NewUserMRPW) { SecureMRPW = NewUserMRPW; }
    	LiUMRPW.Get = function() { return SecureMRPW; } // Proof of concept, and only way of retrieving MRPW once it has been set
    	} SecureMRPWInit();
    Thoughts?

  2. #2
    Join Date
    Dec 2011
    Location
    Centurion, South Africa
    Posts
    776
    You could have also written your closure like this:

    Code:
    var LiUMRPW = (function()
    {
    	var SecureMRPW = '';
    	return {
    		Set : function(NewUserMRPW) {SecureMRPW = NewUserMRPW;},
    		Get : function() {return SecureMRPW;}
    	};
    }());
    JavaScript: Learn | Validate | Compact

  3. #3
    Join Date
    Mar 2012
    Posts
    202
    I never thought of it like that, thanks, it looks alot cleaner and much more elegant.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles