Re: nebie - keeping javascript code away from prying eyes

Vladas Saulis wrote:
Dave Schwimmer wrote:
Ok. precise and to the point. Thats good. But theres
always a way though (or is there?).

Sometimes no means 'no, not ever' .

What if I have my
libraries in *.js files on the server in a location that
the user does not have permissions to (I will ofcourse
need something server side to load the files - which
defeats the purpose of client side processing, so I shot
myself in the foot already).

Does anyone know how to get around this?.

In my projects I use AJAX-like connections through IFRAME,
which loads JS from the server (generated on the fly), and
then executes it via eval(). If I instruct a browser
not to cache this loaded page (with no-cache header), it
might be possible to hide JS source.

Web browsers often treat 'instructions' not to cache a resource as an
instruction not to hang on to a copy of that resource once they have
closed down. If you look in the cache while the site is still in the
browser all the downloaded resources (irrespective of protocol or
headers) are likely to be available (and you only need to know one
browser where that is true to get around any number of browsers that may
act in a manner that is more friendly to the prospective code hider).

And that is assuming the site is not using plain HTTP and the
prospective student of the code is not just recording all the incoming
HTTP traffic to disc.

The whole 'code hiding' notion is a dead loss; the only people against
whom it is effective are the people who would have no use for what they
found (most of whom do not know enough to even look for the code). As
soon as you are trying to defeat people with even an intermediate
understanding of javascript and web technologies the client-side code is
wide open to examination.

Richard.



.

Relevant Pages

  • Re: Anybody used htaccess in a form?
    ... HTML pages with embedded scripts that are decrypted by the browser ... protect only themselves, not any subsequently retrieved resource, unless ... authorization data to subsequently retrieved self decoding pages (and I ... If you have a form where the server side processing of the action takes ...
    (uk.net.web.authoring)
  • Re: Caching of websites - does it exist on SBS2003?
    ... To avoid the issue you can turn off caching in the Internet ... Resetting his browser did not help. ... That would imply the local system, not the server. ... Set the cache to 0, close IE, open and set the cache to something ...
    (microsoft.public.windows.server.sbs)
  • Re: RSS vs. NNTP
    ... I concede that the overhead in getting one's writing onto a news server is much higher than sticking Web pages and attendant RSS files on a Web server, or pouring one's heart into some Roach Motel system like Blogger or LiveJournal. ... new-message is certainly easier than directing my browser to a specific bookmark, logging in, clicking reply, and submitting text. ... perhaps download the resource, ...
    (comp.lang.lisp)
  • Re: Refreshing multiple images
    ... > Your browser tries to cache an image by it's url, ... Appending Math.randomappends a random number to it making it a unique URL and thus forcing a reload from the server. ... Use new Date.getTimeinstead and it will *never* return the same number twice in a row unless you monkey with your computers clock and even then you would have to manage to do it within about 10ms of the next loop executing to get the same number again. ... "Browsers are not required to look a the URL query string when determining whether or not to pull from the cache." ...
    (comp.lang.javascript)
  • Re: WIndows 2008 Cluster Scripting Problem
    ... I assume that the errors are becase it's a cluster. ... This shared resource does not exist. ... So my share is created successfully, but it isn't able to set the cache ... Microsoft Enterprise Platforms Support (Server Core/Cluster) ...
    (microsoft.public.windows.server.clustering)