Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Protect .js files?

  • 16-08-2002 11:06am
    #1
    Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭


    Folks,

    I've got my javascript functions in a .js file in a single directory. I want the pages on my website to be able to access those functions but I don't want some ****er opening the .js file with their browser and stealing my precious scripts. This is an Apache server running on Linux.

    Should I use a .htaccess file, and if so, how?

    If not any suggestions would be a great help. (Well not any suggestion ;) )


Comments

  • Closed Accounts Posts: 286 ✭✭Kev


    javascript is client side, so for it to run the browser has to download it, so if you protect it, it wont run.


  • Closed Accounts Posts: 9,314 ✭✭✭Talliesin


    Who cares about your .js file. Does it contain the second secret of Fatima in a comment?


  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    Use it as an include file in asp,

    simple


  • Registered Users, Registered Users 2 Posts: 3,889 ✭✭✭cgarvey


    Originally posted by bazH
    Use it as an include file in asp

    Not that simple, the JS is obviously client side. And the goal is to protect the source being viewed. So if you include it in ASP page, then it can still be viewed just by viewing the source of the HTML.

    If you mean do the logic in the JS server side, then that's not always possible or a good idea.

    I think the bigger question is why would you want to protect it? Have you something really really secret that is not in the public domain? No offense, but probably not. And if you do, then you might as well submit it to some scripts site and at least try and get credit for it.

    You could try using the Referrer of the HTTP request to make sure the request for the JS file came from the page, but that's nowhere near 100% protection.


  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    He's on linux... so you could try using an include in PHP... though as javascript is client side it probably won't work..
    do a search on google or dynamicdrive.. there are a few tools to obfuscate javascript, though I don't know how good they are


  • Advertisement
  • Closed Accounts Posts: 9,314 ✭✭✭Talliesin


    If your code was really worth protecting (doubt it) it would be worth reverse engineering the obfuscatation.


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    All I wanted to do was prevent people from getting a listing on the directory that contained the files. Boards has changed since I've left Ireland.

    Thanks for the help (not).


  • Registered Users, Registered Users 2 Posts: 7,740 ✭✭✭mneylon


    If you want to prevent a directory listing you might want to try a .htaccess if you are on Linux


  • Registered Users, Registered Users 2 Posts: 7,468 ✭✭✭Evil Phil


    Thanks BK.


  • Closed Accounts Posts: 19,777 ✭✭✭✭The Corinthian


    One means is to use server side scripting to decide weither or not to dish out your JS file in the first place, based upon the referrer. Your script would call, say:
    [PHP]<SCRIPT SRC="foobar.php">[/PHP]
    which would be a PHP script (or JSP or ASP, doesn't matter) outputting your JS object with a Content-Type of text/plain.

    Then encrypt your code and allow it to decrypt/execute using eval. The important thing it to encrypt it on the server on the fly and to use the current date as the key. This means that others will still be able to download your code, but it won’t work after a day, as you will be using the system clock to pull out a key at their end. Given this, they could still decrypt your code if they put their minds to it (e.g. by just replacing eval with document.write).

    Alternatively, just check whether the call is coming from a valid location (i.e. your HTML page) using the referrer page. Downside to this is that they may still find a cached version on their PC’s and some browsers may not bother sending a referrer header for JS objects.

    Bottom line is that with client-side code, the best you can ever do is obfuscate, never truly protect. However, if all you’re trying to do is protect your code (rather than any data contained within) this would probably do the trick as most snarf monkeys who need to steal other peoples’ code would not be able to de-obfuscate it anyhow.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,889 ✭✭✭cgarvey


    Originally posted by Evil Phil
    All I wanted to do was prevent people from getting a listing on the directory that contained the files. Boards has changed since I've left Ireland.

    Thanks for the help (not).

    Sure, but next time, maybe try to ask the question you want answered, rather than asking a different question to the one you want answered and then getting all sarky (and mature.. not) when you don't get the answer you want.


Advertisement