Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Page 1 of 2 1 2 LastLast
Results 1 to 10 of 12
  1. #1
    Senior Member hagen's Avatar
    Join Date
    Aug 2005
    Posts
    408
    Member #
    10882
    Liked
    1 times
    Hi I don't have a SSL page to post credit card details...

    I though I could use javascript to encode the details before the post... and it would ammount to the same thing...

    Any thoughts... :-)

    I don't really do javascript, any code I can use out there??? :-)

    Thanks -Hagen
    Hagen Rose: hagen(at)jxwd(dot)co(dot)uk
    JX Web Development, Bournemouth, Dorset...JXWD.co.uk

  2.  

  3. #2
    Senior Member hagen's Avatar
    Join Date
    Aug 2005
    Posts
    408
    Member #
    10882
    Liked
    1 times
    Hagen Rose: hagen(at)jxwd(dot)co(dot)uk
    JX Web Development, Bournemouth, Dorset...JXWD.co.uk

  4. #3
    WDF Staff smoseley's Avatar
    Join Date
    Mar 2003
    Location
    Boston, MA
    Posts
    9,729
    Member #
    819
    Liked
    205 times
    Javascript encryption is not the same thing as SSL.

    You should use SSL, even if you have to do a self-signed cert.

  5. #4
    Senior Member paintingtheweb's Avatar
    Join Date
    Jul 2007
    Location
    Las Vegas
    Posts
    128
    Member #
    15503
    smoseley is right - please don't use a page that posts credit card info that is solely reliant on js encryption. Because the source code for js files is viewable to anyone, any "encrypting" done using javascript can/will be broken. Not to mention the fact that people can turn javascript off with a few clicks...

  6. #5
    Senior Member hagen's Avatar
    Join Date
    Aug 2005
    Posts
    408
    Member #
    10882
    Liked
    1 times
    didn't say it was :-) I said it would amount to the same thing... IE be equally secure...

    just want to use RAS encryption using javascript because i dont have SSL... and don't really see the point in getting SSL...

    IE I want to encrypt my data before I send it via a post in the same way as SSL does... I will do this by using javascript on the client side...

    check out the link I posted it shows a pretty good example...

    -Hagen
    Hagen Rose: hagen(at)jxwd(dot)co(dot)uk
    JX Web Development, Bournemouth, Dorset...JXWD.co.uk

  7. #6
    Senior Member hagen's Avatar
    Join Date
    Aug 2005
    Posts
    408
    Member #
    10882
    Liked
    1 times
    does not make sense that people can hack it using the script because they will be missing the private keys... IE exactly how SSL works...

    SSL RSA algorythm was released into the public domain around the year 2000... but it's useless without the private key just like any decent encryption you cannot derive it from the data... it's kind of the point...

    please see the example using RSA is't pretty clear...

    -H
    Hagen Rose: hagen(at)jxwd(dot)co(dot)uk
    JX Web Development, Bournemouth, Dorset...JXWD.co.uk

  8. #7
    Senior Member paintingtheweb's Avatar
    Join Date
    Jul 2007
    Location
    Las Vegas
    Posts
    128
    Member #
    15503
    You're talking about the information being passed via post, correct? You want the information to be encrypted via javascript before being sent? What about if javascript is disabled? You'd be sending raw data between pages ripe for the picking. I'm not by any means trying to discount what you're doing, it's just that that kind of thing has too many holes to submit important info. IE:

    What if there is a script that is placed on there to grab the information before it is encrypted and send it somewhere else? No encryption anymore. :-\ - Like I said - not trying to say what you're doing isn't cool or worthwhile, just that it's not a good substitute for SSL.

  9. #8
    Senior Member hagen's Avatar
    Join Date
    Aug 2005
    Posts
    408
    Member #
    10882
    Liked
    1 times
    come on get with the program! :-) if the javascript is disabled then the post sends a blank...

    This isn't rocket science... It's like undergraduate level engineering...

    -H
    Hagen Rose: hagen(at)jxwd(dot)co(dot)uk
    JX Web Development, Bournemouth, Dorset...JXWD.co.uk

  10. #9
    Senior Member paintingtheweb's Avatar
    Join Date
    Jul 2007
    Location
    Las Vegas
    Posts
    128
    Member #
    15503
    How do you figure? If you're filling out a form and it's getting submitted, it's going to send information regardless of whether or not js is enabled.

  11. #10
    Senior Member hagen's Avatar
    Join Date
    Aug 2005
    Posts
    408
    Member #
    10882
    Liked
    1 times
    Have a top and bottom form...

    The top form would be a dummy supplying the javascript with the data...

    The form underneath would have hidden values calculated by the javascript and the submitt button...

    The submitt button would only apply to the bottom form data IE nothing populated / sent if the javascript disabled... The bottom form submits the encrypted data...

    The key is calculated in advance (I am thinking of using php) and inserted into the database...

    I think that works doesnt it?

    (the problem I am having so far is finding php and javascript routines that can easliy interface...)


    -H
    Hagen Rose: hagen(at)jxwd(dot)co(dot)uk
    JX Web Development, Bournemouth, Dorset...JXWD.co.uk


Page 1 of 2 1 2 LastLast

Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Search tags for this page

javascript credit card encryption

,

javascript source code for credit cards

Click on a term to search for related topics.
All times are GMT -6. The time now is 12:44 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com