Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 5 years ago.
Improve this question
I am writing a small software to extract text from website. but there is encrypted captcha available there. I want to decrypt that in my c# program and bypass that. here is encrypted captcha found on that page and corresponding plain captcha.
Encrypted captcha :
VFRZWVdLYlRpSUpXN1ZDdU1BcDZiK0lOWFdCTFNtM2cxZFRqb0dlR0txZnlmWHJ2U01OV0hFeW5FYm1YNUloR3JPdHhQaHBFT2tsbwpJbmlSbkxzNmdPblVGc1N0UmdnZDQxVUNHYlJseXFGRkE1d1o5ODNuSGc9PQ==
Output plain text captcha is: 8RTE9
Is there any way by which I can guess algorithm used in this encryption?
The simple answer to this is you can't.
Not using the method you want to use anyway.
The reason captcha exists is to prevent machines from performing automated login or just to verify that the user is actually a human.
You're not going to be able to decrypt a captcha on the client side. Chances are the captcha processing is done entirely on the server side.
The encryption keys aren't available to you and to 'guess' (brute force) the encryption key will likely take conventional hardware until after the heat death of the universe. That's if captcha even uses encryption. It might use hashing instead (which is more likely).
As for identifying the encryption/hashing algorithm used? If you can work out what captcha library is being used you MAY be able to figure out if it uses default values and use that as a baseline for creating a data set for machine learning. Again, these are big IFS and BUTS.
If it's an open source captcha library then it's possible you could use machine learning to circumvent the captcha by generating a training set for a machine learning algorithm using the library.
Of course ultimately you should tell your boss at the company you work at that you can't do this. Years of research and probably hundreds of thousands or millions of dollars have gone into creating this kind of technology to prevent people from being able to do exactly what you're suggesting you need to do.
Related
This question already has answers here:
How to prevent your JavaScript code from being stolen, copied, and viewed? [closed]
(10 answers)
Closed 7 years ago.
I've developed web software that I would like to start leasing to companies.
It is a javascript program that works as module that only needs linked from their site to utilize.
What are the methods available to secure that the scripts only work for selected clients, paying customers?
I was thinking I could provide them with a code that would need to be verified in my database before printing out the javascript to their page, but after the first fetch they would gain access to the javascript which they could copy and thus never have the need to pay again..
Moving your business logic code to the server is the only reliable way.
Of course you could obfuscate your code and have it only work by fetching a token from your server, but that'll get cracked eventually and obfuscated code has a real performance cost.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Description :
I have couple of functions that can be written in JavaScript and PHP aswell.
e.g
(a) Current datetime calculation and their subtraction
(b) String replace , extracting substring , checking for a position of character in string and many more
I can submit the data in two ways either I can perform all the calculations and functions on client side using JavaScript
OR
I can send all the raw data to php and do the exact same work in PHP there before saving it in the database.
My Question :
What should I focus on more and try to write as much as I can in either of the languages ?
If performance is what you're after, do as much as you can in javascript, because client's computer tends to have more free computing power than your server. That is because a client only has to do it for himself, server would need to do it for all visitors - possibly thousands upon thousands. Expected client base is a major factor here.
However, take into consideration that a client can't be "trusted"; if you're going to insert something in database, verify everything that needs to be right.
If supporting visitors without javascript is something you'd care to do, you obviously have to move everything server side, but that is rarely the case nowadays.
If anything that you are trying to do is for validation, then do it on the server side with PHP. The client side is untrustworthy and unreliable for that sort of thing.
As far as efficiency goes, in terms of calculations/processing power, your server is likely going to be beefier than the client. You may have a client with a beast of a machine, but gnerally speaking your server's hardware out perform the client hardware. Better to keep as much of your processing you can on the server.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I am currently developing a site to track credits gained from exams, and how these stack up against the user's goal credits.
I know JavaScript fairly well, but don't know any PHP.
What would be the best option to use as a database? Please, I am a beginner and I will be getting answers from advanced programmers. To me, your opinions count so please don't close this as asking for opinions.
MySQL
I could use this on a PHP site, but it would involve me learning PHP. What are the benefits and would they outweigh the hassle of learning a whole new language?
JSON
Would it work if I used JSON files for data storage, and used xmlHttpRequest() to read and write information?
Firebase
Would Firebase work as a fully operating database?
If you know javasript very well and aren't willing to learn a new server side language, I would recommend using Firebase. They way it works is very similar to if you had built your own REST api and just made ajax calls to it.
I wouldnt recommend using json to store data. Anytime you want to read there would be more data sent over the network than necessary and when you get enough data it would be impractical. Databases exist to avoid storing data in a file and simply reading/writing to the file.
Using php wouldnt be the best idea. It is a very powerful language, but it is incredibly easy to write major bugs with it. If you were to use it I would recommend learning a web framework because it would fix most of the bugs that you would write yourself. Heres a list of a bunch of php frameworks http://www.phpframeworks.com/. I think that there would be more benefits to you actually learning php. For starters, every developer should have more than 1 language in their toolbox. You should be able to approach a problem and know what the best way to solve it is and that starts with the exposure to different languages and technologies. Learning another language will take a decent amount of time, but you will get much more out of it than releasing your site a little bit earlier.
So to sum it up, I would use php(or any other scripting language for that matter) with a web framework. Your site would be more secure with the web framework and you will become a much better, more valuable developer by taking the time to learn something new.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
Is there any Rule engine in JavaScript?
The question is in this context:
Consider a web application having a form that users fill up.
As a user fills up each field and proceeds to the next, business logic written in JavaScript controls the visibility(and other attributes) of form elements further down the page.
The same business logic is also applied at the server side after the form gets submitted, albeit, in Java to guard against any mishaps/manipulations at the browser side.
Now, Wouldn't it be nice if we have a JSR 94/Drools/JRules like rule engine that would execute rules in both Java and in JavaScript? With such a rule engine, I can avoid hard coding my rules, and I also retain the flexibility of having client-side as well as server-side validation
(PS: I've tried the AJAX route and seen that the application becomes a lot less responsive, making it hard to sell to users who've been accustomed to a hand-coded, pure-javascript version.)
JSR-94 is a Java specification, so I don't see what it has to do with the browser.
There's Google JSON rules:
http://code.google.com/p/jsonrules/
You said you tried the AJAX route. Does that mean a rules engine running on the server and an asynch call to access it?
This is a valid question. From this article, JSR 94
does not standardize the following:
The rule engine itself
The execution flow for rules
The language used to describe the rules
The deployment mechanism for Java EE technology
Thus, it may be possible to use a DSL that could be executed on the client and server, and this could be developed, executed, and managed as per the JSR 94 architecture. Or not.
Another article Creating a simple rules engine using the Java scripting API employs JSR-233 plus other stuff to create a rule engine system. This however predates the JSR 94.
I got to this stackoverflow page since I too was looking for a solution. Currently, I have a page to validate on client side where groups of fields can trigger different validation rules, and requirements are changing. To write this in imperative code just creates a mess with high cyclomatic complexity.
However, the easiest thing to do is use one of the many JavaScript form validation libraries out there. Still looking.
Since the javascript lives in the browser, it's fairly easy for a user to check your source code and bypass any js validation mechanisms. That's why it's usually done server-side.
It's a pain but I usually implement validation both in javascript and on the server, that way "normal" users will have a quick response, and "hackers" will be kept out of the system. Unfortunately I think that's the way you need to go if you want both good user experience and good security.
To answer your question, to my knowledge there's no common library that can be used both on the client side and the server side.
PS. remember JavaScript is not Java ! :-)
http://en.wikipedia.org/wiki/JavaScript#JavaScript_and_Java
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I'm in the process of building and designing my first Javascript OOP web application and I'm wondering what kind of data structure / management system would be best to use. I know the interaction between Javascript and XML is good and fairly easy, but XML isn't meant to be used as a database.
Is it better to form a combination of both? Have a server-side language (PHP) generate XML and have it then be read by JS?
Or am I heading in the wrong direction with this?
Javascript itself doesn't do queries....it needs a helper like PHP, .net, or Java. It can traverse XML or JSON just fine like you say, but sending colossal XML documents with all possible data when only small amounts of the data is actually required will lead to massive overhead that will bring your app to its knees. It's the definition of lack-of-scalability.
My personal preference is JQuery Ajax talking to a PHP backend (transactions via JSON). If I'm dealing with the presentation of large datasets I'll always page the information server-side and pipeline it (load data ahead of and behind the current view to reduce transactions), and usually present in via jQuery DataTables. Grids are always your friend with large amounts of data. Again, personal preference, but I make heavy use of jQuery UI for layout and presentation, and I do write custom Javascript for the "nifty" one-off type things that come up. Again, any server language you have access to and are comfortable with will suffice, as Javascript is language agnostic.
Javascript can get out of hand in a hurry. I'd recommend that unless you have a ton of time on your hands that you focus on clean presentation via something baseline like HTML with judicious use of Javascript and CSS for progressive enhancement. Think about the user before you go crazy with motion, dynamic elements, etc. Don't forget the old adage, "80% of the people only use 20% of the functionality" Nail that 20% cleanly before going to town on flashy javascript fluff. Your users will thank you!
JSON is by far the fastest to parse, since it IS JavaScript.
Application frameworks like EXT.JS are already doing this with great success.