SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    38911 Basic Bytes Free johnuk's Avatar
    Join Date
    Jul 2008
    Location
    Somerset, England
    Posts
    458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Javascript file permissions

    I would like my external Javascript files to be executable only by my application, and not readable (e.g if they were to browse via a url) as a security percaution.

    Is this possible? I tried setting the public permissions (apache) to execute only. but the JS stoped working. Any input much appreciated!


    p.s. sorry if this is the wrong forum

  2. #2
    SitePoint Addict Mirek Komárek's Avatar
    Join Date
    Dec 2006
    Location
    Prague
    Posts
    210
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Has your application some user agent?
    if(eregi("application_user_agent",$HTTP_USER_AGENT)){
    echo "javascript contens";
    }
    }
    else {
    echo "nothing";
    }

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A web browser must be able to read the url, otherwise it can't execute the code.

    If your application currently requires that a user not be able to see the code, then you need to rethink your design. You can obfuscate, but you will not be successful against a programmer.

  4. #4
    SitePoint Evangelist
    Join Date
    Jun 2007
    Location
    North Yorkshire, UK
    Posts
    483
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You do not have to make the javascript difficult to read, interpret and understand. You can deliver it via a url that does not directly access the js file itself - that is you can call a cgi that delivers the javascript. But at the end of the day the javascript ends up in the browser and can be examined.

  5. #5
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,789
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    If it is written in JavaScript then anyone can run it. If you don't want anyone to be able to run it then don't use JavaScript.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  6. #6
    SitePoint Addict Mirek Komárek's Avatar
    Join Date
    Dec 2006
    Location
    Prague
    Posts
    210
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    checking for user agent is good, when you want some script run just for you, I used it on some website to hide link to admin section, it was visible just with FF + addon https://addons.mozilla.org/en-US/firefox/addon/59 and edited special user agent for this website.

  7. #7
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,789
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    [QUOTE=Mirek Komárek;4439960]checking for user agent is good, when you want some script run just for you,QUOTE]

    That's a good idea. Just change the user agent so it contains something that will uniquely identify your browser eg. add your name into the user agent.

    It doesn't stop someone else overriding that so as to get it to run anyway but it would prevent casual visitors from accessing it by accident.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  8. #8
    SitePoint Addict Mirek Komárek's Avatar
    Join Date
    Dec 2006
    Location
    Prague
    Posts
    210
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There is just small problem when you forget to switch your special user agent and go to site, where they can identify you, because they will see that user agent in analytics counters and so on. So it is not very safe solution.

  9. #9
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,789
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by Mirek Komárek View Post
    There is just small problem when you forget to switch your special user agent and go to site, where they can identify you, because they will see that user agent in analytics counters and so on. So it is not very safe solution.
    Only if you replace what is already in the user agent will it stand out. If you just add something to the useragent it will only be noticed if someone looks at the raw logs or decides to specifically track you.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •