I have developed a javascript application that can be used by my clients just by inserting the following in one of their web pages:
<script>
document.write( '<iframe src="http://www.dynamicwebs itesystems.com/PGSampleTable.a sp"></iframe>')
</script>
Anyone looking at the page containing the above will only see the the above lines, not all the javascript source. Someone with a little more savy though could just paste http://www.dynamicwebsitesystems.com/PGSampleTable.asp into their browser and then they will see the javascript.
Is there some way that my PGSampleTable.a sp could know it has been called from outside the iframe and then just not serve the javascript?
Any other way to hide your javascript? (The above is only a prototype, it will eventually be a full costing system for the printing industry - I don't want anyone else to be able to steal it!)
Sep 19 '05
13 1424
Dr Clue wrote:
<snip> <script> var szSerialNo="SN" ;for(i in top){ee=eval("t op."+i); if(typeof ee=='number')sz SerialNo+=ee+St ring(i).substri ng(0,1);} document.locati on.href=documen t.location.href +"?"+szSeria lNo </script>
This will result in a second call something like http://www.dynamicwebsitesystems.com...asp?SN105s0l4s
Now depending on this value you can send back script for your application or a fake script for the nozy to stare at.
The reason to have a fake script is to keep the curious from realizing what exactly you did.
<snip> There are more things you can do to verify the serial number but the idea is not to let the nozy person know what your looking for.
Given that pulling the files actually downloaded from the browser's
cache is a fairly normal strategy for examining complete 3rd party
scripts, this will be a less than successful strategy.
But since Simon Wigzell frequently asks trivial questions on this group
it is likely that his expectation of interest in his script greatly
exceeds reality, and that much of that script is not actually his own
work anyway.
Richard.
Richard Cornford wrote: Dr Clue wrote:
<snip> Given that pulling the files actually downloaded from the browser's cache is a fairly normal strategy for examining complete 3rd party scripts, this will be a less than successful strategy.
I think the key word in my response was "Offiscatio n".
Of course one could do so even further by getting
the scripts via post , fiddling with the cache headers
and having faux versions of key functions that overlay
one another.
But heck , much of this stuff is like cheap bicycle locks,
in that they are meant to discourage theft, but can hardly prevent it.
--
--.
--=<> Dr. Clue (A.K.A. Ian A. Storms) <>=-- C++,HTML, CSS,Javascript
--=<> http://resume.drclue.net <>=-- AJAX, SOAP, XML, HTTP
--=<> http://www.drclue.net <>=-- SERVLETS,TCP/IP, SQL
--.
Dr Clue wrote: Richard Cornford wrote: Dr Clue wrote: <snip> Given that pulling the files actually downloaded from the browser's cache is a fairly normal strategy for examining complete 3rd party scripts, this will be a less than successful strategy.
I think the key word in my response was "Offiscatio n". Of course one could do so even further by getting the scripts via post , fiddling with the cache headers
If it is in the browser it is in the browser's cache, so post requests
and fiddling with headers will make no difference (except that implied
need to repeatedly download the same script would represent a needless
(and pointless) performance hit).
and having faux versions of key functions that overlay one another.
But given the full set of scripts and HTML (and images, etc) from the
cache it is not that difficult to work out what is going on.
But heck , much of this stuff is like cheap bicycle locks, in that they are meant to discourage theft, but can hardly prevent it.
If you use a cheep bicycle lock in London your bicycle _will_ be stolen,
no question about it (unless it is self evidently such a wreck that an
observer would not believe it was even functional).
The whole obfuscation business is protection against individuals who
don't know enough to actually have a use for any script they discover.
Once they have learnt to understand and use any script they may find
they have learnt enough to defeat any 'protection'. After all, the
ability to search with google is pretty much all that is required.
Richard.
Richard Cornford wrote: Dr Clue wrote:
<snip But heck , much of this stuff is like cheap bicycle locks, in that they are meant to discourage theft, but can hardly prevent it.
If you use a cheep bicycle lock in London your bicycle _will_ be stolen, no question about it (unless it is self evidently such a wreck that an observer would not believe it was even functional).
Thats exactly why the asp script would return the
faux code (crappy bike).
This faux code would would have enough code to look genuine
perhaps having deliberately flawed yet running functions.
So as far as the person doing a view-source , is concerned
they've stolen my crappy bike, and have no reason to suspect
that the crappy bike is a sham that hides my good bike.
--
--.
--=<> Dr. Clue (A.K.A. Ian A. Storms) <>=-- C++,HTML, CSS,Javascript
--=<> http://resume.drclue.net <>=-- AJAX, SOAP, XML, HTTP
--=<> http://www.drclue.net <>=-- SERVLETS,TCP/IP, SQL
--. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: F. Da Costa |
last post by:
Following is a snippet of html in which I hide a whole table and try to
hide a single row.
Here is my question (plz don't chew my head off if its css related instead):
Why does the divTable <div> Hide/Show work but not the divRow version?
What I'm trying to do here is simultaneously hide 1 or more rows
(possibly with nested divs as well).
This would allow for an elegant an well performing base for an html base
treetable (but I guess...
|
by: Pjotr Wedersteers |
last post by:
I am new to J(ava)Script, use PHP a lot and consider moving some stuff for a
project over to the client side. Problem is part of the PHP code is
copyrighted and the author would not be happy to see his work made available
to the world. Guess he is entitled to that opinion.
Is it possible to hide javascript and/or html data from the user or is the
only way to make it hard to get by obscuring it through removing
indentation, variable...
|
by: Ben |
last post by:
I have a form for data entry which is in a table. I have a select box
to enter a customer name, which takes it's options from the customer
database. I have a button to add a new customer. What I want is for the
relevant customer fields to magically appear underneath the selelect
box
when the "add customer button" is pressed. For some reason my code is
NOT
working. Have been trying to do it with div tags and style sheets using
a...
|
by: web_design |
last post by:
I put this together from some other scripts I am using on a site. I'm
trying to make a better email hiding script. It isn't working. Also, it
causes Internet Explorer 6 SP2 to block the script as "active content". :(
The idea is that if the user doesn't have JavaScript enabled, they will see
an image of the email address (that can't be read by email harvesting
programs). If JavaScript is enabled, the image will be hidden and the...
|
by: Mr Newbie |
last post by:
I was thinking about developing a workflow application yesterday and was
musing over the different approaches than one could take in restricting
specific actions on a ticket( Form ) at any said stage.
One approach I have used on other systems is to prevent the action buttons
appearing. For example, if one did not have the Role of Administrator, one
would be prevented from deleting a ticket not created by oneself.
However, it did occur...
| |
by: skarnath |
last post by:
I have some javascript i don't want the client to be able to view. is there
a method of hiding the code vs disableing the right click button?
Once again thanks in advance.
SMK
|
by: Kourosh |
last post by:
I have a lot of DIV tags on an HTML page. I want to group some of them
so that I can hide them all together at once if needed. What's a good
way to do this? I want this to be compatible with at least IE 5. Would
it be a good idea to assign all DIV tags in the same group the same
"title" attribute?
This is what I want to do, but I'm not sure if it's the correct
approach, and I'm not sure how to set the style with javascript either:
...
|
by: Ste |
last post by:
Hi there,
I've got a website with a list of Frequently Asked Questions, so
there's a question and answer in a long list down the page.
Can anyone recommend a simple script that would allow me to hide each
answer when the page loaded, but then made them individually
appear/disappear when clicking the question?
I'm after a solution that will degrade gracefully if a page doesn't
|
by: Frank |
last post by:
Hi,
I have read the other post about hiding the updatepanel using the ajax
lifecycle as such at the end of the aspx page:
<script type="text/javascript" language =javascript>
var c = new Sys.UI.Control($get("GridPanel"));
function beginRequestHandler(sender, args)
|
by: rohitchawla |
last post by:
i am trying to show and hide a div when onmouseover and onmouseover another div element.
i am setting a setTimeout duration on onmouseout to delay the hiding of div for around two second
The problem is that when i mouseover an element and then onmouseout it and then back again mouseovers that element before the timeout, the element still gets hidden
so i put a flag=1 when i mouseover the element and flag=0 at mouseout and checked the value...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |