I’ve been thinking of a way to protect my data feed (JSON strings) from third-party apps and websites using it.
So I came up with a way of protecting it, but I’m kind of curious about how good my protection will be.
Client side:
    int passcode = 15987456; // random static code
    int dateint = 20112805; // today's date all stuck together
    // stick the 2 numbers together and do random math on it
    // (parseLong, because the 16-digit result does not fit in an int)
    return (((Long.parseLong(passcode + "" + dateint) * 9) / 2) * 15) / 3;
On the server side (PHP):
    $passcode = '15987456'; // random static code, as a string so === can match substr() output
    $key = $_POST['key'];
    $key = ((($key / 9) * 2) / 15) * 3; // reverse the random math
    if (substr($key, 0, strlen($passcode)) === $passcode) {
        $dateyear = substr($key, strlen($passcode), 4);
        $datemonth = substr($key, strlen($passcode) + 4, 2);
        $dateday = substr($key, strlen($passcode) + 6, 2);
        if (!($dateyear === date('Y') && $datemonth === date('m') && $dateday === date('d'))) {
            die("access denied");
        }
    }
Eventually the random static passcode could be fetched from another page, and it could then be dynamic…
Don’t mind syntax/coding errors. I just wrote this off the top of my head.
There are three immediate problems I see:
x*9/2*15/3 == x*22.5. If someone wants to break that they will. Using a real cryptographic algorithm like MD5 or SHA would be much more secure.
Here’s an example that demonstrates why the key is very easy to crack. If you run the algorithm with a couple of consecutive days you get:
The difference between today and tomorrow is 28, between tomorrow and the day after 22, then 18, then 24… There’s a clear pattern there and you don’t need to observe the code for very long before you see it. The malicious party can just try a couple of numbers that match the pattern and hit the right one very soon.
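The following is an added example, not code from either post: it puts the question's arithmetic next to a keyed HMAC-SHA256 token over the date, so the difference in predictability can be checked directly. It uses exact fractions instead of Java/PHP number types, so its day-to-day step is a constant 22.5 rather than the rounded figures quoted above. `SECRET`, the function names and the sample dates are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta
from fractions import Fraction

PASSCODE = 15987456                  # static code from the question
SECRET = b"constructed-demo-secret"  # assumption: placeholder key, kept server-side


def obfuscated_key(day: date) -> Fraction:
    """Question's scheme in exact arithmetic: concatenate, then *9 /2 *15 /3."""
    x = int(f"{PASSCODE}{day:%Y%m%d}")  # year-month-day, as the PHP side parses it
    return Fraction(x) * 9 / 2 * 15 / 3


def recover_input(key: Fraction) -> int:
    """The whole transform is x * 22.5, so one observed key yields x."""
    return int(key / Fraction(45, 2))


def hmac_token(day: date, secret: bytes = SECRET) -> str:
    """Keyed replacement: HMAC-SHA256 over the ISO date."""
    return hmac.new(secret, day.isoformat().encode(), hashlib.sha256).hexdigest()


def verify(token: str, today: date, secret: bytes = SECRET) -> bool:
    """Server-side check using a constant-time comparison."""
    return hmac.compare_digest(token, hmac_token(today, secret))


def daily_steps(start: date, days: int) -> list:
    """Differences between the obfuscated keys of consecutive days."""
    keys = [obfuscated_key(start + timedelta(d)) for d in range(days)]
    return [b - a for a, b in zip(keys, keys[1:])]


if __name__ == "__main__":
    start = date(2011, 5, 25)  # constructed sample dates
    print("steps:", [float(s) for s in daily_steps(start, 5)])
    print("recovered:", recover_input(obfuscated_key(start)))
    for d in range(3):
        print(start + timedelta(d), hmac_token(start + timedelta(d))[:16])
    print("yesterday's token today:", verify(hmac_token(start), start + timedelta(1)))
```

The HMAC token only holds up while the key stays secret; a key embedded in a client application can be read out of that application, so this raises the cost of reuse by third parties rather than preventing it.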