470,599 Members | 1,470 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,599 developers. It's quick & easy.

There is no way to hide code (continued): how to read statistics?

A while ago I posted a message saying that saving Javascript code as
external file might hide the code better. All replies to it said it
would still be very easy for people to look at the source code. I
sometimes look at the source code if a page is impressive or
interesting, but have never opened any external file.

As experiment, I saved a Javascript code of a web page as the external
file of it. After several days, I looked at the statistics of the web
site, and found the web page was hit, for instance, 100 times, and the
external files was hit 35 times.

Does this mean that the external file was separately opened 35 times?

Thanks.
Dung Ping

Oct 13 '05 #1
6 1218
Lee
Dung Ping said:

A while ago I posted a message saying that saving Javascript code as
external file might hide the code better. All replies to it said it
would still be very easy for people to look at the source code. I
sometimes look at the source code if a page is impressive or
interesting, but have never opened any external file.

As experiment, I saved a Javascript code of a web page as the external
file of it. After several days, I looked at the statistics of the web
site, and found the web page was hit, for instance, 100 times, and the
external files was hit 35 times.

Does this mean that the external file was separately opened 35 times?


That means that your main web page was hit 35 times by people who hadn't already
cached the external js file. The file must be downloaded to their browser in
order to work. That's another reason why it isn't secure.

For what it's worth, just this morning I hit a production web page that didn't
work properly in Firefox, so I looked at the source which led me to their
external js file. I opened that and found the error and reported it to the
webmaster. Very easy.

Oct 13 '05 #2
Dung Ping wrote:
As experiment, I saved a Javascript code of a web page as the external
file of it. After several days, I looked at the statistics of the web
site, and found the web page was hit, for instance, 100 times, and the
external files was hit 35 times. Does this mean that the external file was separately opened 35 times?


No, it means that there were 100 hits to the web page, and 35 hits to the
script file. Its possible that none of those hits were from people actually
looking at the page and that 35 people opened it by hand, but its unlikely.
More likely of the 100 hits to the main page, some were revisits and had
the script file in their cache (and didn't bother downloading it again),
and some were from clients without JavaScript (such as GoogleBot).

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is
Oct 13 '05 #3
On the other hand, you can thwart a passing attempt at getting your code
by denying it to be served if the http referrer isn't equal to the page
it's supposed to be served from.

If anyone types the URL of the JS file directly into their browser
they'll get squat.

Of course, this won't even really slow down someone who is determined to
get your code.

-Jeremy

Dung Ping wrote:
A while ago I posted a message saying that saving Javascript code as
external file might hide the code better. All replies to it said it
would still be very easy for people to look at the source code. I
sometimes look at the source code if a page is impressive or
interesting, but have never opened any external file.

As experiment, I saved a Javascript code of a web page as the external
file of it. After several days, I looked at the statistics of the web
site, and found the web page was hit, for instance, 100 times, and the
external files was hit 35 times.

Does this mean that the external file was separately opened 35 times?

Thanks.
Dung Ping

Oct 13 '05 #4
On 13/10/2005 23:46, Jeremy wrote:
On the other hand, you can thwart a passing attempt at getting your code
by denying it to be served if the http referrer isn't equal to the page
it's supposed to be served from.
But that will prevent anyone from accessing the script if they choose to
prevent their browser from sending the Referer [sic] header, or use a
proxy that strips it. Referer checks should only be made if a header is
actually sent.

[snip]
Of course, this won't even really slow down someone who is determined to
get your code.


True. Telnet and wget, to name two ways.

Mike
Please don't top-post to this group.

--
Michael Winter
Prefix subject with [News] before replying by e-mail.
Oct 13 '05 #5
Michael Winter wrote:
[snip]
Please don't top-post to this group.


My apologies. I never really understood the emnity for top-posting, but
if them's the rules then that's that.
Oct 13 '05 #6
Jeremy wrote:
My apologies. I never really understood the emnity for top-posting, but
if them's the rules then that's that.


Argh. s/emnity/enmity.

*makes coffee*
Oct 13 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Mike G | last post: by
2 posts views Thread by Lyn Duong | last post: by
3 posts views Thread by Ahmet | last post: by
2 posts views Thread by ōyvind Isaksen | last post: by
7 posts views Thread by FP | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.