1

My users will in some cases be able to view a web version of a database table that stores data they've entered. For various reasons I need to include all the stored data, including a number of integer flags for each record that encapsulate adjacencies and so forth within the data (this is for speed and convenience at runtime). But rather than exposing them one-for-one in the webview, I'd like to have an obfuscated field that's just called "reserved" and contains a single unintelligible string representing those flags that I can easily encode and decode.

How can I do this efficiently in C++/Objective C?

Thanks!

ed94133
  • 1,477
  • 2
  • 19
  • 40
  • Let me explain further -- data is being made available to the user in a Google Spreadsheet ("webview" may have been misleading) and since I would like to be able to read the data back into the originating mobile app, I want to have this additional "private" data included in the spreadsheet without being distracting to the user or easily manipulable. – ed94133 Feb 23 '11 at 23:35

5 Answers5

2

Is it necessary that this field is exposed to the user visually, or just that it’s losslessly captured in the HTML content of the webview? If possible, can you include the flags as a hidden input element with each row, i.e., <input type=“hidden” …?

Seth Kingsley
  • 452
  • 4
  • 5
1

Why not convert each of the fields to hex, and append them as a string and save that value?

As long as you always append the strings in the same order, breaking them back apart and converting them back to numbers should be trivial.

FallenAvatar
  • 4,079
  • 1
  • 21
  • 24
  • This is my favorite approach, and very simple. I'll just create a string like "%x%x%x%x%x",flag1,flag2,flag3,flag4,(checksum = constval + flag1 + flag2 + flag3 + flag4). The range of possible integer values is small enough that I can rely on the flag values in hex being only 1 character, hence easy to break apart. Thanks! – ed94133 Feb 24 '11 at 07:11
0

Use symmetric encryption (example) to encode and decode the values. Of course, only you should know of the key.
Alternatively, Assymetric RSA is more powerfull encryption but is less efficient and is more complex to use.

Note: i am curios about the "various reasons" that require this design...

Community
  • 1
  • 1
Hertzel Guinness
  • 5,912
  • 3
  • 38
  • 43
  • Thanks -- I may investigate this (and see clarification above). I do wonder if it may be overkill though. This is nothing very secret, mainly I just want to avoid distracting the user and avoid having values that are tempting to play with without my knowing. If they change a 4 to a 5 I can't tell. I'm thinking a good basic encoding algorithm could tell me if aH7c1 had been changed to, say, aH7c2 (because the latter couldn't be decoded) and I needed to recalculate adjacencies. With real encryption I worry about getting into fuzzy legal territory, too, and unnecessarily. – ed94133 Feb 23 '11 at 23:41
0

Multiply your flag integer by 7, add 3, and convert to base-36. To check if the resulting string is modified, convert back to base-2, and check if the result modulo 7 is still 3. If so, divide by 7 to get the flags. note that this is subject to replay attacks - users can copy any valid string in.

MSalters
  • 173,980
  • 10
  • 155
  • 350
-1

Just calculate a CRC-32 (or similar) and append it to your value. That will tell you, with a very high probability, if your value has been corrupted.

Ben Voigt
  • 277,958
  • 43
  • 419
  • 720