The "Call Me Button" service I use gives me simple html hyperlink code, including javascript for the popup, to include in my webpage code. Visitors to the site click the button and get a popup that allows them to get a live call to the visitor's telephone from us.

One of my concerns is that the simple html hyperlink code the service provides me with is not encrypted or obfuscated in anyway AND it includes some information that identifies the account I have with the provider AND the IP address of the provider, or their vendor, is displayed in the hyperlink code.

Is there a way I can encrypt or obfuscate the code they provide me with and, then, be able to use that version in my own web code AND still have the "Call me Button" work?

Secondly, is it possible that I can include obfuscated code in my web page in a way that, either, it can not be copied OR it is useless outside of my website?

You cannot do anything that a skilled programmer could not reverse.
Except maybe if you embed everything into a java applet or a flash file.

You could use temporary authentication tokens.

Thankyou For Responding.

Quote:

Originally Posted by tripy

You cannot do anything that a skilled programmer could not reverse.

That is okay. It may be unlikely that skilled programmers would care, BUT there might be lots of unskilled people who know just enough to cause me problems. ...like viewing the source and simply taking the unencrypted code.

It would be irresponsible of me not to, at least, try to do a little to increase the amount of difficulty involved in seeing the actual code IF I can. A skilled person could probably disable the alarm on the local bank president's fancy car, but, probably, he/she should worry more about the unskilled creeps trying to get fast cash for which a mid-level car alarm would be an adequate deterrent.

Quote:

Originally Posted by tripy

Except maybe if you embed everything into a java applet or a flash file.

Quote:

Originally Posted by VirtuosiMedia

...use temporary authentication tokens.

There is lots of "how to" information on the Internet. If you can not explain HOW to use temporary authentication tokens OR embed into a java applet or flash file can you, at least, refer me to some good "how to" information on the Internet?

On rereading your post, I saw that I had mistakenly thought you were creating this service, not just using it. Being as you didn't even mention which service you are using (though it probably wouldn't have made a difference), your best bet would probably be to contact the service itself.

Anything you can do to obfuscate the information, you're counting on the browser to unobfuscate. It's not like the browser is a rare or unheard of technology. Chances are your enemy (the person you're hiding the info from) also has a web browser. While a view source may not be enough, an execute source will be.

You could do this. It's just the return will be very small, and the investment (of labor) will not be.

Now, as VM says, it really depends what the existing code you want to fit your change into looks like, how feasible this is, or what details follow. If you care to share some info, you've got some highly knowledgeable and honest people replying already.

Thanks For Responding.

Quote:

Originally Posted by VirtuosiMedia

...your best bet would probably be to contact the service itself.

Spoke to them on the telephone earlier. The rep. I spoke to seemed, genuinely, ignorant of the dangers of having it unencrypted, but once I explained he was very receptive, appeared to comprehend, said he was a manager who happened to be "helping out on the phones", and said he would suggest it(encryption).

Quote:

Originally Posted by Learning Newbie

...care to share some info...

The "Call Me Button" code I am provided with looks like:
<a href="javascript: w=window.open('http://12.345.67.890/CallMe.asp?
ID=CR01234567890&No=1234567','CallMe','toolbar=0,s crollbars=0,width=350,
height=330,left=0,top=0'); w.focus();">My Link</a>

The IP address is related to the service providers; although, that is a phony one I substituted there and the string that begins with CR reflects my actual account number information.

When I insert the code into a webpage the visitor will be able to click the link and get a "popup", if they have javascript on, that will allow them to enter a number at which they would like to be called and the amount of time they want to pass, from instant call to days, before the call to their telephone occurs. At the time when the call is to occur the service provider that I use rings the phones(our phone and the visitor's) without human intervention. It is an automated process.

When a call occurs I am charged per minute.

I don't want you guys to put a significant amount of time into helping me with this. I was just hoping to get a simple, but more or less adequate, method to do this.



1st resort was Closed For The Season, 2nd resort was Being Renovated, and the 3rd resort was too expensive, BUT the LAST RESORT was exactly what I needed.

Quote:

Originally Posted by tripy

...embed everything into...a flash file.

Maybe this is what I need: http://roly.blogsome.com/2007/04/21/cloaking-an-mailto-email-link-in-a-html-page-using-flash/

If it is, though, I am going to have to wait until I have the time to try and customize it to my needs.

note: I did not go to the webpage itself, at first, I looked at the Google cache of the webpage. After looking at the cache I was eager so I entered the webpage itself. I usually check, via siteadvisor.com, just to get an idea as to whether I should be using a site BEFORE I visit it. In this case I did not check blogsome.com with siteadvisor.com until AFTER I had already visited the page. blogsome.com, itself, has a few bad user reviews, but siteadvisor.com gives it a green light. I think roly.blogsome.com is okay, but you guys use your own judgement and caution before visiting that URL. Incidentally, I know siteadvisor.com is not definitive and they probably get things wrong sometimes, but I use it along with other precautions.

Okay, so this is not very secure, but it might prevent some people from just clicking "view source" and taking your code.

The javascript function looks like it is called window.open. Then, the link is passing all the info. Are you using this function anywhere else on the page? If not, get rid of the variables in your link, and put them directly in the javascript. Then, be sure to link the javascript instead of putting it in the html document directly. Anyone who knows a few things about html and javascript can still find it, but your general audience wont be able to just "view source" and go.

Just put in a AJAX request from the server for the values as and when needed.

Quote:

Originally Posted by angele803

Okay, so this is not very secure, but it might prevent some people from just clicking "view source" and taking your code.

The javascript function looks like it is called window.open. Then, the link is passing all the info. Are you using this function anywhere else on the page? If not, get rid of the variables in your link, and put them directly in the javascript.

I am following you properly I THINK, but I am showing you all the code the service gives me. window.open, I believe, is using information from the provider IP address, which I do not have access to. In other words, isn't *window.open just a generic method of opening a pop-up, but the IP/URL address means that, essentially, the pop-up being opened is from that IP address and not my website.

That IP/URL needs the account information passed to them, I believe, for the following reasons:

My account information in the code is part of one big link (://12.345.67.890/CallMe.asp?
ID=CR01234567890&No=1234567') that passes the info. to whatever is at that IP address so that the service provider's automated system can, specifically, schedule calls for my telephone number and not someone else's. In other words, the pop-up being opened is of the "webpage" ://12.345.67.890/CallMe.asp?
ID=CR01234567890&No=1234567

Quote:

Originally Posted by chrishirst

Just put in a AJAX request from the server for the values as and when needed.

How? Any good online "How To" you can refer me to?

note: I think the cloaking method described at roly.blogsome will be adequate I just do not immediately know how to customize it for my situation. I am somewhat confident I can, but it will take me some time.

*://www.javascript-coder.com/window-popup/javascript-window-open.phtml

Pinned threads in the javascript forum

So are you saying that this link changes?
"http://12.345.67.890/CallMe.asp?ID=CR01234567890&No=1234567"

If it stays the same, you can plug it in directly into the javascript, instead of using the variable. If it changes, then you could still only pass the changed part to the javascript and concatenate that part with your ID(that doesn't change). Your ID would not be passed to the javascript in that instance, so it wouldn't show up in your link.

Thankyou For Responding.

Quote:

Originally Posted by angele803

So are you saying that this link changes?
"http://12.345.67.890/CallMe.asp?ID=CR01234567890&No=1234567"

No. The link they provided me with does not change.

Quote:

Originally Posted by angele803

...you can plug it in directly into the javascript, instead of using the variable.

I think what you are saying would be good enough for me, but I do not know how to do this.

Quote:

Originally Posted by angele803

If it changes, then you could still only pass the changed part to the javascript and concatenate that part with your ID(that doesn't change). Your ID would not be passed to the javascript in that instance, so it wouldn't show up in your link.

Don't know how to do this either.