Titanium: Data encryption and decryption techniques on Android devices - javascript

I am using Titanium 1.7.6
I am developing an android 2.2 application that will access images/videos/pdf/text from my resources folder from sd card. I want only the application to be able to read the contents of my resources folder. What would be the best way to do that?
Here are some of my ideas:
password protect the resources folder, only application would know the password. (Not sure if this can be done. If you know how to do it please let me know.)
encrypt all the files inside the resources folder. (in this approach, I am guessing in order to read an encrypted file like images, I will have to decrypt the file and store it into some temp folder. after using the decrypted file delete the file from the temp folder.) But there is a problem with this approach. please see link to the problem here
If you have some other idea please add that to the list.

I don't really have a serious experience with android developing, but here are some ideas from top of my mind which may come handy:
You can always use open-source compressing libraries such as gZip to compress and password protecting your folders using an additional library like PGP or PKZIP. this method is really common among developers. e.g: Call Of Duty games. the game, stores resources such as sprites/sounds/models/scripts and such in compressed and encrypted folders with .ff extension.
since Android uses the same code base with Linux, I think it's possible to encrypt folders in the same fashion. so try all of those encrypting techniques from Linux
And of course, when it comes to encrypting areas, one does not simply forgets about RSA and SSL like encryption/decryption algorithms
And your best option from the above methods is the first one, because:
By compressing a whole folder, you don't need to worry about files inside it
While using libraries such as gZip, with addition to a robust,fast and optimized backbone for your application you have a rich and easy-to-use API to decrypt and decompress your files and folders.
Hope it helps you.

Related

What is best way to compress file and text "inside browser" before sending to server?

Actually I trying to upload large text and pdf files. I want to compress file chunks in browser only. So i can encrypt and send these lite chunk through ajax smoothly without hanging browser. I am seeking help related to file chunk compression. And at server side easily can decompress using java library. Can anyone suggest me best way to do it ?
It should be in client side and inside browser(IE11,Google Chrome).
Gzip is a popular method for compressing data before sending it over the web.
There are many javascript libraries, such as https://github.com/beatgammit/gzip-js which will compress a string/byte array for you.
Java has Gzip functionality built-in through java.util.zip.GZIPInputStream;; a simple google search will make it easy to learn how to use it.
There are several JS libs that can help you with that, if the zip format is acceptable. JSZip is one of the most well known ones.

Creating an online ide, security risk

I am on a personal project of creating a web-based ide, or lets say, just a text-editor, and the app would allow users to register and start their own javascript project.
The backend language that would write the files is php.
Questions.
How do I safely write user-input files into server, having a fwrite would mean that I can write everything on the server, and would definitely be a major security issue.
If.
I wonder if I could implement dvcs (distributed version control), e.g. git (heroku, github), service and ask php to git push the files to the repository, would that save me from the issue?
If I just store his codes, the file type, and the content to a database, would that make sense?

Managing ServerSide FileSystem through Web Application

I am developing a web application that will manage directories and files through its web interface.
Developing a web interface is one part, and it is in advanced progress. However, I start thinking, how should I develop the server application, that will manage the files and directories based on user input.
The client will be created using standard tools:
HTML5
CSS3
JavaScript
PHP - Despite it is server side application, it will be responsible mostly for Dynamic Websites
MySQL - Despite it is server side application, it will be responsible mostly for keeping information about users, their settings, etc..
Would you advise me please, what would be a server-side programming language of choice to manage server-side file system? Is there any API available, that will allow me to do exactly what I wish? Is it possible to manage the server-side file system in server-side JavaScript, or should I chose another tool? Server-side JavaScript comes to my mind as a logical chocie, as I use it for the client side as well.
This is what I wish to achieve:
To create new directories and files
To delete directories and files
To track the directory and file size
To move files between directories
To provide content of the directories and subdirectories
Ideally, the solution should be platform independent and should work on both, Linux Ubuntu and Windows Server OS.
I understand that my question is a bit broad. I would be thankful, if you point me to the right direction, which technologies to start studying, to be able to accomplish the above mentioned.
Thank you.
You already have a very capable serverside language in your list. PHP.
PHP can do all of the things you listed above... and a few you didn't list as well :)
To create new directories and files
New files can be created with the touch() function, and new directories with the [mkdir()](http://php.net/manual/en/function.mkdir.php function.
To delete directories and files
Deletion is done with rmdir() and unlink().
To track the directory and file size
File sizes can be monitored using the filesize() function. Couldn't find a native folder size function but this Stack Overflow post may be useful - https://stackoverflow.com/a/478161/558021
To move files between directories
Moving files and directories can be accomplished by using the rename() function.
To provide content of the directories and subdirectories
One of the functions PHP gives us to scan folders is called glob() it glob - it allows you to find pathnames matching a pattern, so if you give it a wildcard character * it will find all the files in a certain location.

work on the files in a directory using html javascript

Trying to see if this is possible -
1.) User logs into our site
2.) Points to a directory
3.) The javascript code reads contents of the directory, shows thumbnails for any jpeg/gif in those directories. This all without uploading all the photos to the server. Kind of a semi desktop app.
Point 3 is something I have never done, is this possible for an online application to do ?
You can't do this...yet (unless you're using a prerelease of Chrome 9). There are some APIs coming down the pike that will make this possible in browsers that support them; there's a description of using them in this article.
But right now, no. To do this, you'll need to use a technology that allows local file access, such as a signed Java applet (normal unsigned ones obviously can't do this) or, on a severely limited number of platforms and browsers, an ActiveX control.
Update: Sorry, the new JavaScript APIs I mentioned above don't give you (user-granted) access to any old directory on their system. They do give you access to the file system, but it's a sandboxed file system. So you'd have to have the users move the files into the sandbox (which you could do via the File API and with drag-and-drop, keeping it an entirely client-side thing, no uploading required). But that isn't quite what you described.
No; this is not possible.
Javascript cannot directly interact with the user's local filesystem
No, it is not possible to access any of the clients files using JavaScript as that would be a security risk.

min.js to clear source

As far i know until now, the min version of a .js(javascript) file is obtaining by removing the unncessary blank spaces and comments, in order to reduce the file size.
My questions are:
How can I convert a min.js file into a clear, easy readable .js file
Besides, size(&and speed) are there any other advtages of the min.js file.
the js files can be encripted?
can js be infected. I think the answer is yes, so the question is how to protect the .js files from infections?
Only the first question is most important and I'm looking for help on it.
TY
To convert a minified file into a editable source, simply open any IDE that supports auto-formatting and auto-format it. I use Netbeans to do this.
If you do client side caching for the minified file, it means to say that the client (computer) needs to process less bytes. Size and speed are the main advantages of a minified file, and they are already great advantages to prepare for a future that requires great load of data transfer. By the way, it also saves you some bandwidth on your server and therefore money.
I don't see the need of encryption. See How to disable or encrypt "View Source" for my site
Javascript files cannot be edited unless it is done so on the server. The security of your Javascript files depends on your 1) server protection 2) data protection. Data should not be able to exploit. But of course, Javascript is executed on the client side, it will be meaningless for the client user to attack him/herself. However Twitter has shown multiple Javascript exploits. You need to constantly test and check your codes against XSS, CSRF and other attacks. This means to say that if your Javascript file has a loophole, it was the developer, you, who created it.
Multiple minifiers exists, that also are able to compress JS, see http://dean.edwards.name/weblog/2007/04/packer3 for one of the most being used. Some others exists, also see the JSMin library http://www.crockford.com/javascript/jsmin.html
The main advantage is the size gain. You should also aggregate your JS files when you have multiple JS files, this also saves a lot of I/O (less HTTP requests) between the server and the client. This is probably more important than minifying.
I can't answer you about encryption. Client security will mainly depend on its browser.
EDIT: Ok my first answer is not for the first question, merged both in 2.

Categories