SitePoint Sponsor

User Tag List

Results 1 to 8 of 8

Thread: encrypt

  1. #1
    SitePoint Addict
    Join Date
    Aug 2004
    Location
    philmont
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    encrypt

    I know that this is basically pointless. What I would like to do is to "hide" my src location. I dont care about the rest of the page as its easily retrievable.

    What I am trying to do is take a script location on example.html::

    example.html

    <script src="http://www.domain.com/js/java.js" language"JavaScript1.2"></script>

    and then change it so the url isnt able to be read unless you spend a few minutes trying to decode/find it. If they really want it, they can get it- but its for those that look at the source for a moment and see that the code can be found at that particular url.

    any suggestions?

  2. #2
    &#083;itePoint Aficionado JVLB's Avatar
    Join Date
    Jan 2002
    Location
    N 44° 56.537' W 123° 3.683'
    Posts
    1,127
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I believe the Sisyphean task you undertake can only really be approached with server-side scripts. Even then, effectiveness rarely justifies the complications engendered.

    A possible non-server approach occurs:
    1) Have an entry page that has as the first head element a script which changes the window.name property to reflect a filename string, then changes location.href to the main JavaScript page. Further down in the head, a meta refresh tag should redirect browsers with JavaScript turned off.

    2)The main page parses the window.name to dynamically load a script using node manipulations (the src of the node is constructed from the parsed string).

    3) The .js file loaded with this mechanism resets the window.name to a value that doesn't reveal the filename.

    Certainly, this wouldn't be foolproof, but it could complicate the process of divining the .js file name. It would, however, add complexity to the load process as well, requiring at least one more HTTP request on every page view.

  3. #3
    SitePoint Wizard silver trophy someonewhois's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    6,364
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'll just quote myself from your other thread on this exact same topic:

    Quote Originally Posted by Scheisskopf
    You cannot hide your javascript.. Theres no point in trying.
    Precisely. JS and HTML are client side. They're parsed by the client. Therefore, the client has to decode it at somepoint -- and therefore the code is on the client's computer, which means that they can see it.

  4. #4
    &#083;itePoint Aficionado JVLB's Avatar
    Join Date
    Jan 2002
    Location
    N 44° 56.537' W 123° 3.683'
    Posts
    1,127
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Some of the cleverer server-side approaches take advantage of the fact that many browsers accept a .php file as the src for a JavaScript external script reference. Some of these are quite hard to crack without significant knowledge of server-side intricacies. On the other hand, the additional complexity is likely to lead to greater failure rates.

    The original poster seemed to realize that JavaScript security is only superficial. Perhaps more to the point, there is nothing in anyone's own, precious code that can't be found elsewhere. You'll be jumping through more hoops to hide your scripts than someone will have to go through to find equivalent scripts in other venues.

  5. #5
    SitePoint Wizard silver trophy someonewhois's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    6,364
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I still don't see how there can be anything at all clever about it. PHP can't do anything to mask the client reading it, PHP is server side. (Also, you can serve PHP with a .JS extension, so browsers accepting the .php as the source for JS is irrelevant, but I do see your point.)

  6. #6
    Non-Member
    Join Date
    Jan 2005
    Location
    Netherlands
    Posts
    4,300
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello

    Some old tricks

    Use relative paths to folders

    <script src="../js/java.js" language"JavaScript1.2"></script>

    <script src="http://www.domain.com/js/java.js" language"JavaScript1.2"></script>

    Indirect call for the script by document write, you can also ad more JavaScript’s and CSS

    <script src=" ../js/x.js" language"JavaScript1.2"></script> in x:

    document.write('<script src="../js/java.js"language"JavaScript1.2"></script>')

    Run website in a frame nobody will notice, the address bar stays on the frame address,
    a few small web host still do this it makes it more difficult to poke around

    But than again this is far from full proof

  7. #7
    &#083;itePoint Aficionado JVLB's Avatar
    Join Date
    Jan 2002
    Location
    N 44° 56.537' W 123° 3.683'
    Posts
    1,127
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Basically, all the approaches just create additional layers and complexities to revealing the code. This is a Gordian knot approach to security. While it will discourage the dilettantes, it will also burden one's pages with needless cruft.

  8. #8
    SitePoint Addict
    Join Date
    Aug 2004
    Location
    philmont
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    with the post on the php forum, I had thought that there was a way to use variables to do my work for me...and then with some further reading- I realized that it wouldnt, I had even tried doing a variable thing for it and found that it still shows the url.

    I did try to use the method suggested:: ../directory/xxx

    the only problem with that was: it didnt work anymore on my site. The script I'm using is being used on all of my webpages and for some reason- it just stopped working outside of the directory it was placed in. So I was forced to use the full website value.

    I dislike having my website values listed in my source code unless I have them listed in the open (just a personal thing)



    But as everyone is telling me its pretty pointless to try doing this...I just thought Id give it a shot and see how it might be done.

    EDIT::
    I went back to look at my code, and somehow it now works when I use the relative path. No idea how that happened....I guess I was just trying to go for a substitute on the path so it wouldnt be as easy for soemone to see exactly where my items are located.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •