By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,814 Members | 2,162 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,814 IT Pros & Developers. It's quick & easy.

There is no way to hide code (continued): how to read statistics?

P: n/a
A while ago I posted a message saying that saving Javascript code as
external file might hide the code better. All replies to it said it
would still be very easy for people to look at the source code. I
sometimes look at the source code if a page is impressive or
interesting, but have never opened any external file.

As experiment, I saved a Javascript code of a web page as the external
file of it. After several days, I looked at the statistics of the web
site, and found the web page was hit, for instance, 100 times, and the
external files was hit 35 times.

Does this mean that the external file was separately opened 35 times?

Thanks.
Dung Ping

Oct 13 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Lee
Dung Ping said:

A while ago I posted a message saying that saving Javascript code as
external file might hide the code better. All replies to it said it
would still be very easy for people to look at the source code. I
sometimes look at the source code if a page is impressive or
interesting, but have never opened any external file.

As experiment, I saved a Javascript code of a web page as the external
file of it. After several days, I looked at the statistics of the web
site, and found the web page was hit, for instance, 100 times, and the
external files was hit 35 times.

Does this mean that the external file was separately opened 35 times?


That means that your main web page was hit 35 times by people who hadn't already
cached the external js file. The file must be downloaded to their browser in
order to work. That's another reason why it isn't secure.

For what it's worth, just this morning I hit a production web page that didn't
work properly in Firefox, so I looked at the source which led me to their
external js file. I opened that and found the error and reported it to the
webmaster. Very easy.

Oct 13 '05 #2

P: n/a
Dung Ping wrote:
As experiment, I saved a Javascript code of a web page as the external
file of it. After several days, I looked at the statistics of the web
site, and found the web page was hit, for instance, 100 times, and the
external files was hit 35 times. Does this mean that the external file was separately opened 35 times?


No, it means that there were 100 hits to the web page, and 35 hits to the
script file. Its possible that none of those hits were from people actually
looking at the page and that 35 people opened it by hand, but its unlikely.
More likely of the 100 hits to the main page, some were revisits and had
the script file in their cache (and didn't bother downloading it again),
and some were from clients without JavaScript (such as GoogleBot).

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
Oct 13 '05 #3

P: n/a
On the other hand, you can thwart a passing attempt at getting your code
by denying it to be served if the http referrer isn't equal to the page
it's supposed to be served from.

If anyone types the URL of the JS file directly into their browser
they'll get squat.

Of course, this won't even really slow down someone who is determined to
get your code.

-Jeremy

Dung Ping wrote:
A while ago I posted a message saying that saving Javascript code as
external file might hide the code better. All replies to it said it
would still be very easy for people to look at the source code. I
sometimes look at the source code if a page is impressive or
interesting, but have never opened any external file.

As experiment, I saved a Javascript code of a web page as the external
file of it. After several days, I looked at the statistics of the web
site, and found the web page was hit, for instance, 100 times, and the
external files was hit 35 times.

Does this mean that the external file was separately opened 35 times?

Thanks.
Dung Ping

Oct 13 '05 #4

P: n/a
On 13/10/2005 23:46, Jeremy wrote:
On the other hand, you can thwart a passing attempt at getting your code
by denying it to be served if the http referrer isn't equal to the page
it's supposed to be served from.
But that will prevent anyone from accessing the script if they choose to
prevent their browser from sending the Referer [sic] header, or use a
proxy that strips it. Referer checks should only be made if a header is
actually sent.

[snip]
Of course, this won't even really slow down someone who is determined to
get your code.


True. Telnet and wget, to name two ways.

Mike
Please don't top-post to this group.

--
Michael Winter
Prefix subject with [News] before replying by e-mail.
Oct 13 '05 #5

P: n/a
Michael Winter wrote:
[snip]
Please don't top-post to this group.


My apologies. I never really understood the emnity for top-posting, but
if them's the rules then that's that.
Oct 13 '05 #6

P: n/a
Jeremy wrote:
My apologies. I never really understood the emnity for top-posting, but
if them's the rules then that's that.


Argh. s/emnity/enmity.

*makes coffee*
Oct 13 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.