Stopping someone From Steeling Your Scripts

[JCO]

I don't understand how you are suppose to stop someone from steeling your
scripts...once they are published. What if you have scripts that you don't
want others to read.

It seems that anyone can go to your server and get most of the information.

 

[Steve Easton]

Yes they can. If it's in the browser, it's in their computer.

Food for thought, and this isn't a putdown by any means. Anything you can
do in html or javascript has already been done. If it hadn't the browser
wouldn't know how to render it.


--
Steve Easton
MS MVP FrontPage
95isalive
This site is best viewed..................
...............................with a computer

 

[chris leeds]

server side stuff is pretty secure since it gets processed before it gets
sent to the browser.
HTH
what kind of scripts are you worrying about?

 

[JCO]

Thanks for both response.
If a JavaScript that is put in a folder named My_Scripts contains a
password, it seems that anyone can get those scripts and see the content (I
think). I did not put stuff in the html for this reason. I did put a
validation form in a script that contains a password.

I know their are a thousand ways to do passwords. My server is a free host,
therefore, server side help is out of the question. I just thought folks
can get the html but not the scripts.... is this true.

 

[Steve Easton]

See if your script will still run if you place it inside the _private
folder. The private folder is not accessible to the "outside world" but
*normally* is if used for something inside the web. ( depending upon
permission settings )


Also, if your site is hosted on an Apache/UNIX server you can use .htaccess
and .htpasswd files for password protection.
These can not be accessed from outside when done correctly. It takes a
little "learning" but once you do it it's simple.

If need be and you can use them, I can create a set and e-mail them to you.
Also if your server has the web masters CPanel,
check the Access Menu for a feature called Web Protect.

--
Steve Easton
MS MVP FrontPage
95isalive
This site is best viewed..................
...............................with a computer

 

[Jack Brewster]

Thanks for both response.
If a JavaScript that is put in a folder named My_Scripts contains a
password, it seems that anyone can get those scripts and see the content (I
think). I did not put stuff in the html for this reason. I did put a
validation form in a script that contains a password.

I know their are a thousand ways to do passwords. My server is a free host,
therefore, server side help is out of the question. I just thought folks
can get the html but not the scripts.... is this true.

JavaScript passwords are only a little more secure than putting the password
in plain sight in your HTML, but only in the same way that holding a gate
closed with a twist of wire can be thought of as securing your yard.

If you really want to secure your site, you need to use other methods such
as server side scripting or features of the operating system (such as
..htaccess files on Unix or file system permissions).

There simply is no such thing as JavaScript security. If you find scripts
online written by any conscientious author they will disclose that fact
right up front. As Steve mentioned, just like any other web file,
JavaScript files are downloaded to the visitor's hard drive before they can
be rendered. Once it's in the browser cache, it's easy for someone to look
at.

If securing your site is a real issue, you may want to consider a more
robust hosting solution. Even a $5/month outfit should be able to meet this
basic need. If you're only worried about casual users getting to the wrong
page, and are willing to accept that it may happen, then the JavaScript
solution you're using will probably do.

 

[JCO]

That is a good idea. I never knew what the _private was for. I figure
internal only.
I will have to modify the scripts since the path will be different.

 

[Thomas A. Rowe]

_private still will not protect your JavaScript and may cause the user to be
prompted for your server login to view any page with the script linked to it
from the _private folder.

JavaScript is client-side, meaning that it is executed in the browser,
therefore it must be available to the browser when the browser requests a
page with a link to the script. External JavaScript (.js) files will be
downloaded to the user's machine.

Bottomline, you can not hide JavaScript code!

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, WebCircle,
MS KB Quick Links, etc.
==============================================

 

[JCO]

Okay
Thanks for the information

_private still will not protect your JavaScript and may cause the user to be
prompted for your server login to view any page with the script linked to it
from the _private folder.

JavaScript is client-side, meaning that it is executed in the browser,
therefore it must be available to the browser when the browser requests a
page with a link to the script. External JavaScript (.js) files will be
downloaded to the user's machine.

Bottomline, you can not hide JavaScript code!

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, WebCircle,
MS KB Quick Links, etc.
==============================================

 

[Ronx]

If you must use JavaScript "security" (oxymoron) have a look at
www.rxs-enterprises.com/tests/jspass/index.html . This, IMHO, is about as
secure as you can get - with JavaScript.

 

[JCO]

Yes I've read this before. Sorry to say... it seems to complicated for me
to do.
However, I will re read and consider this again.....Thanks