Hiding raw data (source code)
34 views
Skip to first unread message
Manuel Regidor
Mar 6, 2017, 7:07:12 PM3/6/17
to Google Visualization API
Hi. I am sure that this topic has been already treated, but I can't find useful information.
We are currently working with Google Chart, and we are happy with it.
However, for legal reasons, we must not provide the data (which is populated server side). How can we show only the rendered graphs without viewing raw data via source code? Maybe with an iframe?
Thank you!
Thank you!
Daniel LaLiberte
Mar 6, 2017, 8:44:46 PM3/6/17
to Google Visualization API
You can make it harder to find the data, but not impossible since the data is sent to the browser where the charts are rendered. You could actually render charts separately and save static images. They won't be interactive, however.
One way to make it harder is to remove the code after you are done rendering the chart, especially the code that contains the data.
Another way to make it harder is to fetch the data with a separate XHR request. That way it doesn't show up in the source, but it will be visible to anyone who can use a debugger.
--
You received this message because you are subscribed to the Google Groups "Google Visualization API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-visualization-api+unsub...@googlegroups.com.
To post to this group, send email to google-visualization-api@googlegroups.com.
Visit this group at https://groups.google.com/group/google-visualization-api.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-visualization-api/7daa4ea1-9aba-439d-a9d5-4bd8826660f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Manuel Regidor
Mar 7, 2017, 4:29:08 AM3/7/17
to Google Visualization API
Thank you very much for your fast reply, Daniel.
I have seen this example, but using another library.
Keepa - https://keepa.com/#!product/9-B00DWRNHFS
They show graphics without source code. It's an iframe.
Do you know how to achieve that behaviour?
I have seen this example, but using another library.
Keepa - https://keepa.com/#!product/9-B00DWRNHFS
They show graphics without source code. It's an iframe.
Do you know how to achieve that behaviour?
El martes, 7 de marzo de 2017, 2:44:46 (UTC+1), Daniel LaLiberte escribió:
You can make it harder to find the data, but not impossible since the data is sent to the browser where the charts are rendered. You could actually render charts separately and save static images. They won't be interactive, however.One way to make it harder is to remove the code after you are done rendering the chart, especially the code that contains the data.Another way to make it harder is to fetch the data with a separate XHR request. That way it doesn't show up in the source, but it will be visible to anyone who can use a debugger.
--
Daniel LaLiberte
Mar 7, 2017, 12:07:43 PM3/7/17
to Google Visualization API
I don't know exactly how keepa does it, but using an iframe also doesn't completely prevent someone from snooping the data that has been sent to the browser. Using an iframe doesn't make any difference since the iframe is yet another document and data that is retrieved from the server, and thus available as resources in the browser. It does appear they have some way of detecting whether the browser's debugger is open as well, since I can't snoop just by opening the debugger before loading the page.
Even if the browser prevents access to the resources, a proxy server can be used between the browser and server to watch everything requested and grab everything that is sent through it. Only encryption has a chance of preventing access, if the decryption is done securely in the browser in a way that prevents any snooping via debuggers or other addons. I don't think browsers are up to that level of security yet.
--
You received this message because you are subscribed to the Google Groups "Google Visualization API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-visualization-api+unsub...@googlegroups.com.
To post to this group, send email to google-visualization-api@googlegroups.com.
Visit this group at https://groups.google.com/group/google-visualization-api.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-visualization-api/7f2a2a33-720c-44fc-9584-4a4c4f6ec2d6%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages