Is it possible to 'hide' javascript from a user. I am thinking of
putting some fairly proprietary logic client side (to release burden on
server) - but I dont want to make the source freely available to every
Tom, Dick and Harry. any suggestions?
13  1748 
Dave Schwimmer wrote: Is it possible to 'hide' javascript from a user. I am thinking of
putting some fairly proprietary logic client side (to release burden on
server) - but I dont want to make the source freely available to every
Tom, Dick and Harry. any suggestions?
The only thing you can do is make it obscure.
--
Ian Collins.
"Dave Schwimmer" <ds*****@nospam.com> wrote in message
news:dt**********@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com... Is it possible to 'hide' javascript from a user. I am thinking of putting
some fairly proprietary logic client side (to release burden on server) -
but I dont want to make the source freely available to every Tom, Dick and
Harry. any suggestions?
The short answer is....it can't be done.
Jim wrote: "Dave Schwimmer" <ds*****@nospam.com> wrote in message
news:dt**********@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
Is it possible to 'hide' javascript from a user. I am thinking of putting
some fairly proprietary logic client side (to release burden on server) -
but I dont want to make the source freely available to every Tom, Dick and
Harry. any suggestions?
The short answer is....it can't be done.
Ok. precise and to the point. Thats good. But theres always a way though
(or is there?). What if I have my libraries in *.js files on the server
in a location that the user does not have permissions to (I will
ofcourse need something server side to load the files - which defeats
the purpose of client side processing, so I shot myself in the foot
already).
Does anyone know how to get around this?.
Dave Schwimmer wrote: Jim wrote:
"Dave Schwimmer" <ds*****@nospam.com> wrote in message
news:dt**********@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
Is it possible to 'hide' javascript from a user. I am thinking of putting
some fairly proprietary logic client side (to release burden on server) -
but I dont want to make the source freely available to every Tom, Dick and
Harry. any suggestions?
The short answer is....it can't be done.
Ok. precise and to the point. Thats good. But theres always a way though
(or is there?). What if I have my libraries in *.js files on the server
in a location that the user does not have permissions to (I will
ofcourse need something server side to load the files - which defeats
the purpose of client side processing, so I shot myself in the foot
already).
Does anyone know how to get around this?.
You can't have your cake and eat it, too :) What you're basically
asking for is the ability to have the client (which is out of your
control, nonetheless) read, parse, and execute some code -- without
reading that same code.
But, honestly, if your code is that proprietary and sensitive you
shouldn't even consider have some (unknown) client run it for you.
Dave Schwimmer wrote: Is it possible to 'hide' javascript from a user. I am thinking of
putting some fairly proprietary logic client side (to release burden on
server) - but I dont want to make the source freely available to every
Tom, Dick and Harry. any suggestions?
You can only make the script difficult to obtain. This may be enough to
keep Tom, Dick, and Harry away, but not many users of this group :-).
You will find a tool at http://www.dynamicdrive.com/dynamicindex9/encrypter.htm that has been
around for ages and that will make the script difficult to read.
However, even if a viewer does not know about this site, a person who
knows javascript well will see what has been done and likely can write
a little program to decode it quite rapidly.
Dave Schwimmer wrote: The short answer is....it can't be done.
Ok. precise and to the point. Thats good. But theres always a way though
(or is there?). What if I have my libraries in *.js files on the server
in a location that the user does not have permissions to (I will
ofcourse need something server side to load the files - which defeats
the purpose of client side processing, so I shot myself in the foot
already).
Does anyone know how to get around this?.
Live with it, everything the UA executes has to be downloaded. You
could obscure the algorithm by doing pars of it server side I guess.
--
Ian Collins.
On Sat, 18 Feb 2006 06:10:12 +0200, Dave Schwimmer <ds*****@nospam.com>
wrote: Ok. precise and to the point. Thats good. But theres always a way though
(or is there?). What if I have my libraries in *.js files on the server
in a location that the user does not have permissions to (I will
ofcourse need something server side to load the files - which defeats
the purpose of client side processing, so I shot myself in the foot
already).
Does anyone know how to get around this?.
In my projects I use AJAX-like connections through IFRAME, which loads JS
from the server (generated
on the fly), and then executes it via eval(). If I instruct a browser not
to cache this loaded page (with
no-cache header), it might be possible to hide JS source.
Vladas
ProData Ltd.
Vladas Saulis wrote: Dave Schwimmer wrote: Ok. precise and to the point. Thats good. But theres
always a way though (or is there?).
Sometimes no means 'no, not ever' .
What if I have my
libraries in *.js files on the server in a location that
the user does not have permissions to (I will ofcourse
need something server side to load the files - which
defeats the purpose of client side processing, so I shot
myself in the foot already).
Does anyone know how to get around this?.
In my projects I use AJAX-like connections through IFRAME,
which loads JS from the server (generated on the fly), and
then executes it via eval(). If I instruct a browser
not to cache this loaded page (with no-cache header), it
might be possible to hide JS source.
Web browsers often treat 'instructions' not to cache a resource as an
instruction not to hang on to a copy of that resource once they have
closed down. If you look in the cache while the site is still in the
browser all the downloaded resources (irrespective of protocol or
headers) are likely to be available (and you only need to know one
browser where that is true to get around any number of browsers that may
act in a manner that is more friendly to the prospective code hider).
And that is assuming the site is not using plain HTTP and the
prospective student of the code is not just recording all the incoming
HTTP traffic to disc.
The whole 'code hiding' notion is a dead loss; the only people against
whom it is effective are the people who would have no use for what they
found (most of whom do not know enough to even look for the code). As
soon as you are trying to defeat people with even an intermediate
understanding of javascript and web technologies the client-side code is
wide open to examination.
Richard.
Dave Schwimmer wrote: Is it possible to 'hide' javascript from a user. I am thinking of
putting some fairly proprietary logic client side (to release burden on
server) - but I dont want to make the source freely available to every
Tom, Dick and Harry. any suggestions?
Unless a server is badly overloaded, many serverside scripts, such as
php, take very little space and time to operate. Thus I would strongly
suggest writing as much of your code as possible in php. In general,
you can do most things with php that you can do with javascript,
provided that some operation, perhaps selecting a color, is not
required after download. However you can also use just enough
javascript to do the things that can not be done with php in this case.
If the server resources really are a problem, you could write most of
the code in javascript. However you could use php on the server for
just enough code to make it difficult to impossible to tell everything
that is being done. Javascript and php mix and match very well in many
cases. However, if use of pure php and no javascript is possible, your
code will not only be hidden, but your page will also work on the small
number of browsers that have javascript turned off.
Dave Schwimmer said the following on 2/17/2006 11:10 PM:
Jim wrote:
"Dave Schwimmer" <ds*****@nospam.com> wrote in message
news:dt**********@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
Is it possible to 'hide' javascript from a user. I am thinking of
putting some fairly proprietary logic client side (to release burden
on server) - but I dont want to make the source freely available to
every Tom, Dick and Harry. any suggestions?
The short answer is....it can't be done.
Ok. precise and to the point. Thats good. But theres always a way though
(or is there?). What if I have my libraries in *.js files on the server
in a location that the user does not have permissions to (I will
ofcourse need something server side to load the files - which defeats
the purpose of client side processing, so I shot myself in the foot
already).
Does anyone know how to get around this?.
Open the site.
File>Save As
Save the site.
Now, I have the files.
--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Dave Schwimmer <ds*****@nospam.com> wrote: Ok. precise and to the point. Thats good. But theres always a way though
(or is there?). What if I have my libraries in *.js files on the server
in a location that the user does not have permissions to (I will
ofcourse need something server side to load the files - which defeats
the purpose of client side processing, so I shot myself in the foot
already).
You said it. You're talking about code that will be executed on the
client. The client can't execute it if it can't get it. Once the
client gets the code, you no longer have control over it, the client
can display it, save it, parse it, whatever. You have no idea what's
being done and absolutely no control over it.
So: if you really, really, need to keep this stuff secret, then keep
it on the server. Server-side processing cannot be seen by the client,
and you have total control over it.
--
Tim Slattery Sl********@bls.gov
Vladas Saulis wrote:
[snip] In my projects I use AJAX-like connections through IFRAME, which loads JS
from the server (generated
on the fly), and then executes it via eval(). If I instruct a browser not
to cache this loaded page (with
no-cache header), it might be possible to hide JS source.
[/snip]
One simple attack to start with is to use the HTTPRequest object with
the URL of your JavaScript producing server page. You can then access
the results through the responseText property.
Regards
Julian
If it was possible to hide the code your computer would have already
been taken over by some script kiddie.
Ken Girard
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Daylor |
last post by:
how can i protect my code from decompile ?
|
by: Andrew Thompson |
last post by:
It seems most people get there JS off web sites, which is
entirely logical. But it is also a great pity since most
of that code is of such poor quality.
I was looking through the JS FAQ for any...
|
by: harish.mallipeddi |
last post by:
Hi all,
This might sound a bit weird but anyways here I go. Recently after
witnessing the popularity of AJAX/DHTML, and after enjoying Gmail's
fairly cool UI, I'm left wondering...is there going...
|
by: Matt Kruse |
last post by:
http://www.JavascriptToolbox.com/bestpractices/
I started writing this up as a guide for some people who were looking for
general tips on how to do things the 'right way' with Javascript. Their...
|
by: weixiang |
last post by:
Hi,
After compiling with C#, the target exe file can still be reverse-compiled
by ildasm. Is there someway to protect code from that method? I already
used strong-name in my module.
Thank...
|
by: Weston Weems |
last post by:
Ok,
I've posted on this before, lemme give you guys the run
down. I've got an asp form that has postbacks etc. I'd
like it so that when navigating away from it, It'll prompt
user for save...
|
by: Bill |
last post by:
1. I find that debugging does not work if the JavaScript you wish to debug is
included in your program via src="blah". All of my programs use this because
I have many common scripts that are used...
|
by: Huy Hoang |
last post by:
I am developing a C# application in which I have several SQL
statements. Currently I have each SQL statement residing inside a text
file. In the C# code, I will load the text files, and execute the...
|
by: bevoldjling |
last post by:
Hi !
I need some help in putting together a website for our family
gathering.
Although I'm still pretty "green", I don't think what I need requires
terribly advanced skills ...except for one...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
