<div dir="ltr">Hi Phil,<div><br></div><div>Thanks</div><div><br></div><div>That is exactly what I am doing. I encrypt the data between client and server and it seems working yesterday. :-)</div><div><br></div><div>I am sure that the hacker is driving browser by script. I force the javascript must be executed at client side to talk to the server. Maybe the hacker can run javascript in a javascript runtime engine. I am not sure about that.</div>
<div><br></div><div>Regards</div><div>Leigh</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 4 July 2014 09:05, Phil Scadden <span dir="ltr"><<a href="mailto:p.scadden@gns.cri.nz" target="_blank">p.scadden@gns.cri.nz</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><br>
> Regarding to render the website in Javascript, how are you going to<br>
> stop the browser driven by script? The hacker does not need to<br>
> understand the javascript. All he need is just grab dom element.<br>
</div>That would be true but very unlikely that hacker is using browser. Too<br>
slow. If you load the html with junk data and modify it with js, it may<br>
take the hacker a long time to notice they are using crap. But I would<br>
looking at detecting the hacker without a tip off in first place and<br>
then figure out ways to make life difficult.<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
Phil Scadden, Senior Scientist GNS Science Ltd 764 Cumberland St,<br>
Private Bag 1930, Dunedin, New Zealand Ph <a href="tel:%2B64%203%204799663" value="+6434799663">+64 3 4799663</a>, fax <a href="tel:%2B64%203%20477%205232" value="+6434775232">+64 3 477 5232</a><br>
</font></span><div class="im HOEnZb"><br>
Notice: This email and any attachments are confidential.<br>
If received in error please destroy and immediately notify us.<br>
Do not copy or disclose the contents.<br>
<br>
</div><div class="HOEnZb"><div class="h5">_______________________________________________<br>
NZ Borland Developers Group - Delphi mailing list<br>
Post: <a href="mailto:delphi@listserver.123.net.nz">delphi@listserver.123.net.nz</a><br>
Admin: <a href="http://delphi.org.nz/mailman/listinfo/delphi" target="_blank">http://delphi.org.nz/mailman/listinfo/delphi</a><br>
Unsubscribe: send an email to <a href="mailto:delphi-request@listserver.123.net.nz">delphi-request@listserver.123.net.nz</a> with Subject: unsubscribe<br>
</div></div></blockquote></div><br></div>