Simplified way to encrypt DataTables AJAX payload JSON and decrypt for debugging

Deepak kumar J Posts: 6 Questions: 0 Answers: 0
edited August 22 in Free community support

Hi, please suggest a simplified way to encrypt and decrypt the DataTable AJAX payload.
Refer to the code below from my dataset.
JS Ajax code:

// Prepare payload data
    const payloadData = {
        table: table,
        key: key,
        db_file: db_file,
        columns: columns,
        data_dir: data_dir,
        whereAll: QUERY,
        sub_qry: sub_qry
    };

    config.ajax = {
        url: './public/serverside/fetchData.php',
        type: 'POST',
        data: function (d) {
            // Merge DataTables params with our custom params
            const dtParams = {
                draw: d.draw,
                start: d.start,
                length: d.length,
                search: d.search,
                order: d.order,
                columns: d.columns
            };

            const finalPayload = {
                ...payloadData,
                dt: dtParams
            };

            // Return encrypted or plain payload based on flag
            return {
                payload: E_FLAG ? finalPayload : btoa(JSON.stringify(finalPayload))
            };
        }
    };

On the server side we are using this PHP code:

error_reporting(0);

$table = $_POST['table'];
$primaryKey = $_POST['key'];

$columns = isset($_POST['columns']) ? $_POST['columns'] : array();

$data_dir = isset($_POST['data_dir']) ? $_POST['data_dir'] : '';
$absolutePath = realpath(__DIR__ . '/../../' . $data_dir . '/' . $_POST['db_file']);

$whereAll = isset($_POST['whereAll']) ? $_POST['whereAll'] : '';

$sub_qry = isset($_POST['sub_qry']) ? $_POST['sub_qry'] : '';

$full_qry = isset($_POST['full_qry']) ? $_POST['full_qry'] : '';

$distinct_flag = isset($_POST['distinct_flag']) ? $_POST['distinct_flag'] : '';

if (!empty($_POST['db_file'])){
    // SQLite database connection
    $sql_details = array(
        'db' => $absolutePath
    );
}
if (!empty($_POST['db_file'])){
    require( 'ssp.class.php' );
    echo json_encode(
        SSP::complex( $_POST, $sql_details, $table, $primaryKey, $columns, $whereResult=null, $whereAll, $sub_qry, $distinct_flag )
    );
}else{
    require( 'ssp.class.postgres.php' );
    echo json_encode(
        SSP::complex( $_POST, $sql_details, $table, $primaryKey, $columns, $whereResult=null, $whereAll, $full_qry, $distinct_flag )
    );

}

Console image we want to encrypt:

Description: Please suggest how we can start on this payload encryption. The UI needs to display the values and data; we want to encrypt only the DataTable AJAX payload. I have tried the JSEncrypt approach, but it does not encrypt the large data set payload JSON.
Please let me know if any more info is needed.

Replies

  • Deepak kumar J Posts: 6 Questions: 0 Answers: 0

    Hi all, please suggest how we can achieve this approach in a simplified way.

  • RichardD2 Posts: 25 Questions: 2 Answers: 1

    Use HTTPS to communicate with the server. That way, the browser will deal with encrypting the traffic between the user's computer and your server.

    NB: If you're trying to hide the payload from the end-user, there's nothing you can do. The decrypted payload needs to be available in memory on the user's computer at some point in order to work with it.

  • Deepak kumar J Posts: 6 Questions: 0 Answers: 0

    @RichardD2 Thanks for the response. But I am using XAMPP to run the URL; HTTPS requests will not work with it, right? I have already done base64 encoding, but that is not encryption, which is why I'm exploring a better way to achieve this requirement.

  • RichardD2 Posts: 25 Questions: 2 Answers: 1
    edited August 22

    A quick search for "xampp ssl" provides plenty of results explaining how to set up XAMPP to use HTTPS. :smile:

  • Deepak kumar J Posts: 6 Questions: 0 Answers: 0

    Thanks Richard @RichardD2. Are there any other ways? Our UI needs to display the data, but we want to hide the devtools payload or display it as encrypted text.

  • Deepak kumar J Posts: 6 Questions: 0 Answers: 0
    edited August 22

    Hi, I have tried the base64, CryptoJS and AES encryption approaches. Base64 is not an encryption method; it just encodes the JSON. The others are complex to work with AES keys. Please help me with which encryption methods I can try.

  • RichardD2 Posts: 25 Questions: 2 Answers: 1

    devtools payload want to hide

    So you're trying to hide the payload from the user?

    As I said earlier, you can't. Even if you manage to encrypt the payload in JavaScript before it's sent, there's nothing to stop the user from setting a breakpoint in your code before the encryption takes place, and examining the payload there.

    If you have "secret stuff" that you don't want the user to see, then don't send it to the user, and don't include it in the payload. Keep it on the server, where the user can't see it.

  • Deepak kumar J Posts: 6 Questions: 0 Answers: 0
    edited August 22

    Yes, I want to hide it from the client because the database name and query are displayed in the payload; that's why I am trying this task. Yes, the data will be displayed in the UI, but I want to hide the payload details. Correct me if I'm wrong; we are trying this task as something new.

  • allan Posts: 64,940 Questions: 1 Answers: 10,755 Site admin

    Why are you sending the SQL query to the client? That would only be useful for debugging. And if there is a way of decoding it on the client-side, then the end user can decode it anyway.

    If you are worried about the client seeing the database column names, then change them in the JSON - have some kind of mapping. Although to be honest, if they can do damage with just knowing the column names, then there are bigger problems.

    I think @RichardD2 was perfectly clear in his first response. Use HTTPS to encrypt the communication between the client and server. Trying to encrypt so it can't easily be read in the browser's network inspector is utterly pointless in my opinion. The client-side must be able to decode it to be able to use it, so the client can decode it...

    Allan
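
What the replies recommend, keeping the table name, query and database file on the server and exposing only aliases in the JSON, could look like the sketch below. This is an added example, not code from the thread or from DataTables; the dataset id, table, column and file names are hypothetical, and the `db`/`dt` pairs follow the column layout used by the DataTables server-side example class.

```php
<?php
// Added example: the browser sends only an opaque dataset id plus the
// DataTables paging values. All names and paths here are hypothetical.
const DATASETS = [
    'orders' => [
        'table'      => 'tbl_orders',
        'primaryKey' => 'order_id',
        'db_file'    => '/var/app/data/orders.sqlite',
        // alias seen by the browser => real column name kept on the server
        'columns'    => ['id' => 'order_id', 'customer' => 'cust_name', 'total' => 'amount_due'],
    ],
];

// Turn an untrusted request into a server-side query definition.
function resolveRequest(array $post, array $datasets = DATASETS): array
{
    $id = $post['dataset'] ?? '';
    if (!is_string($id) || !isset($datasets[$id])) {
        throw new InvalidArgumentException('Unknown dataset');
    }
    $def = $datasets[$id];

    // 'db' is the real column name, 'dt' is the alias that appears in the JSON.
    $columns = [];
    foreach ($def['columns'] as $alias => $real) {
        $columns[] = ['db' => $real, 'dt' => $alias];
    }

    // Paging values are the only client input used, as bounded integers.
    $start  = max(0, (int)($post['start'] ?? 0));
    $length = min(100, max(1, (int)($post['length'] ?? 10)));

    return [
        'table' => $def['table'], 'primaryKey' => $def['primaryKey'],
        'db_file' => $def['db_file'], 'columns' => $columns,
        'start' => $start, 'length' => $length,
    ];
}

// Constructed sample request: the client-supplied table, whereAll and
// db_file keys are never read, so they have no effect on the result.
$sample = ['dataset' => 'orders', 'draw' => '1', 'start' => '0', 'length' => '5000',
           'table' => 'users', 'whereAll' => '1=1', 'db_file' => '../../other.sqlite'];
print_r(resolveRequest($sample));
```

With this shape the network inspector shows only `dataset`, the paging values and the aliased column keys, so there is nothing in the payload that needs hiding.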
