Disable auto-save of JavaScripts ?

In article <86**************************@posting.google.com >,
ju**@barryoneill.com (Barry) writes:

Hello,

I've recently noticed that someone can simply type in the URL to my
javaScript, from my HTML source code, to the explorer location bar and
an auto-save dialog pops up to let them save it !
Yep, thats the way it works. Well, depending on how the browser is setup to
manage .js files. But anyway, its moot.
My clients want to keep their paid-for code proprietary. How do I
prevent this from occuring ?
Remove it from the web. Now, its safe. Otherwise, it can be gotten.
The javaScripts are embedded in my HTML in the following manner:

<SCRIPT SRC="/effects/top-menu.js"></SCRIPT>

..all someone has to do is strip out the URL part after my clients
domain name, and drop the above in after it, and hit enter - an
auto-save dialog pops up letting them download the scrpt. One of the
reasons for not including the code directly in the HTML is to try to
keep it proprietary (the other being so if I need to make a change to
it, I don't have to change all my HTML pages).

Again, thats the way it works. After you manage to come up with some hack to
try to stop this from "working", you will be asking how to stop
view-source:absoluteURLToJSFile.js from working. Then, how to stop it from
being gotten from the cache? Or, File>Save As in IE will save the file as well.
In short, take it off the web. Otherwise, it can be gotten.
--
Randy

ju**@barryoneill.com (Barry) writes:

I've recently noticed that someone can simply type in the URL to my
javaScript, from my HTML source code, to the explorer location bar and
an auto-save dialog pops up to let them save it !
My browser just shows the code as text. I can save it easily.
My clients want to keep their paid-for code proprietary. How do I
prevent this from occuring ?
Don't put it on the web! There is no other way!

If anybody claims to have a way to send code to the browser and have
it executed, and at the same time prevent the user, whose browser it
is, from seeing the code, they are either lying or clueless.
One of the reasons for not including the code directly in the HTML
is to try to keep it proprietary

It makes no difference, except against people who wouldn't be able
to read the code anyway.

/L
--
Lasse Reichstein Nielsen - lr*@hotpop.com
Art D'HTML: <URL:http://www.infimum.dk/HTML/randomArtSplit.html>
'Faith without judgement merely degrades the spirit divine.'

Barry said:

Hello,

I've recently noticed that someone can simply type in the URL to my
javaScript, from my HTML source code, to the explorer location bar and
an auto-save dialog pops up to let them save it !

My clients want to keep their paid-for code proprietary. How do I
prevent this from occuring ?
It's too late now, but the general rule is that you should
avoid taking on paying customers until you know a little bit
about how web servers and browsers work.

Any suggestions to ju**@barryoneill.com would be appreciated.

Welcome to USENET. You shouldn't ask for email responses here.

> My clients want to keep their paid-for [JS] code proprietary.

Short answer: Not possible.
Longer answer: Remember that since Javascript is a client-side technology, every script runs on the machines
of your visitors. That means that in the end, every piece of Javascript has to be transferred to them somehow,
and after that point you've of course no control of what they'll be doing to it (saving, copying, printing,
....). Even if you find some way of setting IE to prevent the right-click menu and prevent "view-source:"
requests and prevent what-not, you can't be sure how it behaves in other browsers. Finally, what do you do if
I'd telnet to your server and request the script manually via GET?

The solution is to run your code on the server, since then there's no need for it to be sent around.
Server-side scripting is something completely different though, have a look at PHP or Perl if you are
interested in that (Javascript won't do).

Best regards
Hendrik Krauss

It is possible, but only if your clients' network has fixed external IP(s).
Then you can check each request against this IP(s) and either serve it
or deny it.

Respectively you can serve separate parts of the page (scripts, applets)
based on the IP check.

If your customers using server-assigned IPs (or if there are not any
customers,
you just want to protect your software from copying) then you are out of
luck.

JavaScript/JScript/VBScript and Java (yes, Java too) code is open-source
software by their nature.
If you invented some ground-breaking algorithm, use it in a native
application.

Still the law of Parkinson-Murphy remains in effect:
"Anything created by one human being can be disassembled and/or altered by
another human being".
(The "Black box vulnerability" law)

Barry <ju**@barryoneill.com> wrote in message
news:86**************************@posting.google.c om...

Hello,

I've recently noticed that someone can simply type in the URL to my
javaScript, from my HTML source code, to the explorer location bar and
an auto-save dialog pops up to let them save it !

My clients want to keep their paid-for code proprietary. How do I
prevent this from occuring ?

The javaScripts are embedded in my HTML in the following manner:

<SCRIPT SRC="/effects/top-menu.js"></SCRIPT>

..all someone has to do is strip out the URL part after my clients
domain name, and drop the above in after it, and hit enter - an
auto-save dialog pops up letting them download the scrpt. One of the
reasons for not including the code directly in the HTML is to try to
keep it proprietary (the other being so if I need to make a change to
it, I don't have to change all my HTML pages).

Any suggestions to ju**@barryoneill.com would be appreciated.

Thanx,

Barry O'Neill