Support » Plugin: Email Address Encoder » A way to obsure a specific internal URL?

  • Resolved xbmcgotham

    (@xbmcgotham)


    Hi,

    I am using AmCharts wordpress plugin to generate graphs on a wordpress page. To have the graph load its shape and (external) data, AmCharts uses Javascript to load on the client side when generating the graph. However, this javascript also contains the URL to the API used to retrieve the data. So anyone can easily see the web site code and see this link on the page. This is a risk as anybody can now manipulate the url and download our full database with data.

    I have added the first part of the Javascript code below with the URL highlighted that I would like to obscure from users.

    Anyway this is possible to do with your plugin or other methods?
    Thanks for any help.

    <script>
    try {
    /**
    * —————————————
    * This was created using amCharts 4.
    *
    * For more information visit:
    * https://www.amcharts.com/
    *
    * Documentation is available at:
    * https://www.amcharts.com/docs/v4/
    * —————————————
    */

    // Themes begin

    var chart = am4core.create(“amchart1”, am4charts.XYChart);
    var from = Math.round(+new Date() / 1000) – 2629743;
    var to = Math.round(+new Date() / 1000) + 2629743;

    chart.dataSource.url = ‘https://api.xxxxxxx.com/&#8217; + from + ‘/’ + to;

    chart.dataSource.events.on(“parseended”, function(ev) {
    // parsed data is assigned to data source’s data property
    var data = ev.target.data;
    for (var i = 0; i < data.length; i++) {
    if(data[i][“realtime_value”] == 0){
    delete data[i][“realtime_value”];
    }
    }

    console.log(‘data’, data);

    });

    // create date axis

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Till Krüss

    (@tillkruess)

    Hey!

    No that’s not possible with this plugin and I’d strongly advise against using “encoding” in your particular case.

    I’d urge you to learn the difference between encoding, hasing and encryption.

    Even if you’d obfuscate the API URL, someone can still abuse it, if they find it. So your real problem is that your API doesn’t have any authentication.

    If you don’t want to implement a full authentication for API, check out “SHA256 request signatures”, that might be the easiest and safest solution for you.

    Hi, thanks for the quick response and explanation. I will have a look at the SHA256 request signatures.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘A way to obsure a specific internal URL?’ is closed to new replies.