SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    stop accessing javascript function through URL

    hi,

    I am new to development, I want to stop accessing javascript function through url. We can access js by javascript: function name() can make access of the function through URL, i want to stop doing this.

  2. #2
    SitePoint Zealot
    Join Date
    Mar 2008
    Posts
    151
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can only stop this by disabling javascript in the browser, but no javascript will work at all then, as javascript is disabled...

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You shouldn't need to stop people from doing this.
    You cannot stop them from accessing data which you provide to thier computer. They are in full controll. If this is a problem for your application, then you seriously need to rethink things.

  4. #4
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    You can stop people from hotlinking to your JavaScript from their site by turning on hotlink protection for .js files the same way you turn it on for .gif, .jpg and .png files to protect your images from being remotely loaded.

    As with images the JavaScript gets downloaded toyour visitor's computer before the page can be displayed and so any protection from people accessing it who view your web page is impossible.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  5. #5
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks for your reply, how to stop hotlinking? please help..

  6. #6
    SitePoint Enthusiast Tim Greer's Avatar
    Join Date
    Aug 2001
    Location
    California, home of the bear...
    Posts
    54
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hotlinking is usually done in an .htaccess file or the web server configuration file, using (for example) Apache's Rewrite module. It checks the site it's being called from via the HTTP_REFERER (note the intentional misspelling of "referrer"), and it checks against a list of known/trusted domain/hostnames you want to allow to load or call the file in question (images, javascript, flash, whatever), and if it's called from a site (loaded from a site) that's not on the list, you can reject it, serve up an alternative file (such as an image saying they are "stealing" images or code from your site and wasting your site's bandwidth) or just deny it altogether and not serve up anything alternative (which can cause their site to break, which is usually the point so they stop).

    Unfortunately, while hotlink protection is usually good for most cases, it won't stop people that view the file directly, from a bookmark, etc. since it'll directly call it from your site that way (but you could then force referers), and it can also be bypassed with embedding and faking the referer via he other site, if they knew how. However, most people don't, so that can be pretty effective in most situations. Look on google for Apache .htaccess rewrite hotlink protection for examples.
    Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
    http://www.burlyhost.com/ Shared Hosting, Reseller Hosting, more!
    Industry's most experienced staff! -- Web Hosting With Muscle!

  7. #7
    SitePoint Zealot
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    137
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As Sharky mentioned, if exposing this JS is causing problems for your application security, you need to be handling that JS functionality on the server-side behind an authentication layer. Trying to conceal or protect information being sent to the client is simply a false sense of security -- which is often worse than no security at all.

  8. #8
    SitePoint Enthusiast Tim Greer's Avatar
    Join Date
    Aug 2001
    Location
    California, home of the bear...
    Posts
    54
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The OP didn't actually say this was causing a security issue, but just that it was something they were trying to stop from happening (from other sites). Maybe I missed the other mention of security issues, but if so, and regardless, it's a definite mistake to ever rely on any browser side scripting using anything like JavaScript for something that does any serious checks, exposes sensitive data, does any security checks or poses any security issues. If that's the case here, then definitely find a way to put the functions in a server side script, as the above poster suggested. JavaScript and similar things should only be used to add extra dynamics, fun stuff, or browser side checks before submission is allowed (before the server side script check, which it still needs to do). Use it for interactivity and dynamics with the browser and page, not for anything needed or serious (both on a level of site functionality as well as security implications).
    Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
    http://www.burlyhost.com/ Shared Hosting, Reseller Hosting, more!
    Industry's most experienced staff! -- Web Hosting With Muscle!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •