LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 01-13-2022, 12:35 PM   #1
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,464
Blog Entries: 30

Rep: Reputation: 167Reputation: 167
free Javascript code sites


all my searches keep matching free Javascript tutorial sites. but what i am looking for is sites offering free Javascript code. anyone know how to get search engines show the free code sites?

i am looking for Javascript code that can take text entered on a form and encrypt it with a given key or passphrase before sending it to the server. also code to decrypt what comes from the server before it gets displayed or saved.

or maybe i do need to learn Javascript (i hope it can invoke SSL).
 
Old 01-13-2022, 12:51 PM   #2
boughtonp
Senior Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 2,385

Rep: Reputation: 1844Reputation: 1844Reputation: 1844Reputation: 1844Reputation: 1844Reputation: 1844Reputation: 1844Reputation: 1844Reputation: 1844Reputation: 1844Reputation: 1844

You shouldn't be searching for "code sites" that provide untested buggy snippets, instead search for tested and standardized libraries for the relevant piece of functionality.

As for that example, you don't need any JavaScript - the functionality is already included in every browser/client and every server - all you need to do is add a single letter 's' in the URLs, after the word http and before the colon, and your requests and responses are automatically encrypted and decrypted at the appropriate points.

 
2 members found this post helpful.
Old 01-13-2022, 01:41 PM   #3
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 10,432

Rep: Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914
You don’t do that in JavaScript. You use HTTPS and you SSL-encrypt the entire connection.
 
Old 01-13-2022, 07:09 PM   #4
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,464

Original Poster
Blog Entries: 30

Rep: Reputation: 167Reputation: 167
Quote:
Originally Posted by boughtonp View Post
You shouldn't be searching for "code sites" that provide untested buggy snippets, instead search for tested and standardized libraries for the relevant piece of functionality.
that's good advice i should be attentive to.

Quote:
Originally Posted by boughtonp View Post
As for that example, you don't need any JavaScript - the functionality is already included in every browser/client and every server - all you need to do is add a single letter 's' in the URLs, after the word http and before the colon, and your requests and responses are automatically encrypted and decrypted at the appropriate points.
what i am trying to achieve is end-to-end security with encryption the server cannot decrypt. the server is just like a file server with some added automation to queue and find messages as well as store them and fetch them. so HTTPS cannot do this since it decrypts at the server. however, all this would be done in the secure transport HTTPS provides. the idea is that i can store a message and another person with the right key can fetch it, decrypt it, and read it.
 
Old 01-13-2022, 07:10 PM   #5
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,464

Original Poster
Blog Entries: 30

Rep: Reputation: 167Reputation: 167
Quote:
Originally Posted by dugan View Post
You don’t do that in JavaScript. You use HTTPS and you SSL-encrypt the entire connection.
see post #4.
 
Old 01-13-2022, 10:40 PM   #6
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,519

Rep: Reputation: 2144Reputation: 2144Reputation: 2144Reputation: 2144Reputation: 2144Reputation: 2144Reputation: 2144Reputation: 2144Reputation: 2144Reputation: 2144Reputation: 2144
Quote:
Originally Posted by Skaperen View Post
what i am trying to achieve is end-to-end security with encryption the server cannot decrypt. the server is just like a file server with some added automation to queue and find messages as well as store them and fetch them. so HTTPS cannot do this since it decrypts at the server. however, all this would be done in the secure transport HTTPS provides. the idea is that i can store a message and another person with the right key can fetch it, decrypt it, and read it.
I’d do that by saving the message at a location requiring login to access…encryption of the content is not necessary if only “person with the right key can fetch it”. Use the web server auth functionality.
 
Old 01-13-2022, 11:04 PM   #7
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 10,432

Rep: Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914
I just want to be clear on what you’re actually trying to solve. Are we talking about a site that users log into? Does it currently have user accounts, any kind of authentication, and/or a registration system?

The reason I’m asking is because I think the answer is no, and you’re trying to add a layer of security without having to change it to yes. Your incredibly strange problem statement makes a lot more sense that way.

I’ll make a leap here. I know the answer is no, and you just want to have freeform “key” fields in the forms to submit and retrieve messages. In that case, I’d just implement a Caesar cipher. You can do that without looking at an example, can’t you?

And no, you can’t use SSL for that. If only because you’re talking about a symmetric encryption scheme and SSL is an asymmetric encryption scheme.

Last edited by dugan; 01-14-2022 at 08:40 AM.
 
Old 01-14-2022, 07:04 AM   #8
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 6,250
Blog Entries: 3

Rep: Reputation: 3227Reputation: 3227Reputation: 3227Reputation: 3227Reputation: 3227Reputation: 3227Reputation: 3227Reputation: 3227Reputation: 3227Reputation: 3227Reputation: 3227
Quote:
Originally Posted by Skaperen View Post
what i am trying to achieve is end-to-end security with encryption the server cannot decrypt.
Then HTTP / HTTPS is the wrong approach. You'll need a stand-alone client of some kind regardless of protocol.
 
Old 01-14-2022, 11:17 AM   #9
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,741
Blog Entries: 4

Rep: Reputation: 3515Reputation: 3515Reputation: 3515Reputation: 3515Reputation: 3515Reputation: 3515Reputation: 3515Reputation: 3515Reputation: 3515Reputation: 3515Reputation: 3515
What we now have here is a classic "XY Problem." What you are really asking for is not what you initially asked for.

And, happily for you, what you are asking for is a problem that has already been thoroughly and completely solved – several times, in fact.

Now, as to your original question: two essential sites are GitHub and SourceForge. Both of these are "code repository sites" which use the git version-control system but which also allow files and entire projects to be downloaded directly. You need to keep both of these sites in your online Rolodex, because they can save you a lot of time.

Basically – today, no matter what it is that you are setting out to do, you should assume that "somebody else has already done it, much better than I could, and then shared it with the world." You stand on the shoulders of incredibly-generous giants.

(Although, as a Linux user, I guess you knew that already?)

Quote:
Actum Ne Agas: "Do Not Do A Thing Already Done."
For example, I recently had a client who planned to build a "ticket system" in PHP. They expected to take about a year to do it ... until I was able to point out that such a system already existed, which had taken the contributor(!) longer than this to develop. Therefore, it took just a month or so of "kit-bashing" to get them extremely close to their business goal. This sort of thing happens all the time now. One can only speculate how much salary-expense this company had spent on initially doing this ... yet they gave it away.

Last edited by sundialsvcs; 01-14-2022 at 11:25 AM.
 
1 members found this post helpful.
Old 01-14-2022, 11:21 AM   #10
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 10,432

Rep: Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914
He asked for free code sites; you gave him free code sites. Sounds like you gave him what he asked for.
 
Old 01-14-2022, 02:11 PM   #11
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,464

Original Poster
Blog Entries: 30

Rep: Reputation: 167Reputation: 167
Quote:
Originally Posted by scasey View Post
I’d do that by saving the message at a location requiring login to access…encryption of the content is not necessary if only “person with the right key can fetch it”. Use the web server auth functionality.
i want to create a server where it can be shown (by looking at the client side code) that even the server (operators, admins) cannot access the message at any time. unless it is encrypted, anyone with physical (including court ordered) access to the server can read any message. anyone can promise not to read any message, but failure to comply with a court order can result in a raid by a law enforcement agency. so a promise is not good enough.

i would also require login access (in HTTPS) to the server to store or fetch or even produce a list. even logged in users would not be able to discover names of other users.

Last edited by Skaperen; 01-14-2022 at 02:15 PM.
 
Old 01-14-2022, 02:42 PM   #12
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 10,432

Rep: Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914Reputation: 4914
LOL. Someone here wants to be the next Julian Assange. And he starts by asking for "free code sites".

Anyway, there's a prefab solution for this. You just replace the "messages" with GnuPG-encrypted email.

Last edited by dugan; 01-14-2022 at 02:56 PM.
 
1 members found this post helpful.
Old 01-14-2022, 02:44 PM   #13
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,464

Original Poster
Blog Entries: 30

Rep: Reputation: 167Reputation: 167
Quote:
Originally Posted by dugan View Post
And no, you can’t use SSL for that. If only because you’re talking about a symmetric encryption scheme and SSL is an asymmetric encryption scheme.
either symmetric or asymmetric would work. users could substitute any encryption they want to use. asymmetric would have some potential benefits for the users.

HTTPS would be used to protect the login and completion of the session.

login would be used to control service access so that this resource can be limited and users can limit who gets to know of or confirm their activity.

client encryption would ensure the server and its operator(s) cannot read any clear message. savvy users could add another layer of encryption.

issues i still need to work out include the server logging relationship between IP addresses of user pairs that store and fetch a message (8.8.8.8 stores a message that 1.1.1.1 fetches both the day before a big event).
 
Old 01-14-2022, 02:56 PM   #14
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,464

Original Poster
Blog Entries: 30

Rep: Reputation: 167Reputation: 167
Quote:
Originally Posted by dugan View Post
LOL. Someone here wants to be the next Julian Assange. And he starts by asking or "free code sites".

Anyway, there's a prefab solution for this. You just replace the "messages" with GnuPG-encrypted email.
Julian Assange never made it so he could not know about the content he handled.

if GnuPG were in JavaScript, lots of useful code could be found there. i don't want this design to require users to copy and paste content between applications.

if i do this as a distinct client in python maybe i can find what i need. python seems to be fairly portable and there is a lot of free code including strong encryption.
 
Old 01-14-2022, 02:59 PM   #15
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,464

Original Poster
Blog Entries: 30

Rep: Reputation: 167Reputation: 167
Quote:
Originally Posted by dugan View Post
He asked for free code sites; you gave him free code sites. Sounds like you gave him what he asked for.
indeed.

but this thread has been seasoned with spicy topics.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: JavaScript creator Eich's latest project: KILL JAVASCRIPT LXer Syndicated Linux News 0 06-18-2015 08:30 AM
Automating access to interactive sites which use HTML and javascript tbgclark Linux - Software 5 03-20-2011 02:39 PM
Looking for Textbrowser with JavaScript Support or Elink Javascript Support rohezal Linux - Software 4 09-01-2009 01:02 PM
Ubuntu Edgy/Firefox 2/Javascript - Firefox closes accessing websites with Javascript Interdictor Ubuntu 8 11-02-2006 11:58 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 12:26 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration