Javascript file permissions

I would like my external Javascript files to be executable only by my application, and not readable (e.g if they were to browse via a url) as a security percaution.

Is this possible? I tried setting the public permissions (apache) to execute only. but the JS stoped working. Any input much appreciated! :slight_smile:

p.s. sorry if this is the wrong forum

Has your application some user agent?
echo “javascript contens”;
else {
echo “nothing”;

A web browser must be able to read the url, otherwise it can’t execute the code.

If your application currently requires that a user not be able to see the code, then you need to rethink your design. You can obfuscate, but you will not be successful against a programmer.

You do not have to make the javascript difficult to read, interpret and understand. You can deliver it via a url that does not directly access the js file itself - that is you can call a cgi that delivers the javascript. But at the end of the day the javascript ends up in the browser and can be examined.

If it is written in JavaScript then anyone can run it. If you don’t want anyone to be able to run it then don’t use JavaScript.

checking for user agent is good, when you want some script run just for you, I used it on some website to hide link to admin section, it was visible just with FF + addon and edited special user agent for this website.

[QUOTE=Mirek Komárek;4439960]checking for user agent is good, when you want some script run just for you,QUOTE]

That’s a good idea. Just change the user agent so it contains something that will uniquely identify your browser eg. add your name into the user agent.

It doesn’t stop someone else overriding that so as to get it to run anyway but it would prevent casual visitors from accessing it by accident.

There is just small problem when you forget to switch your special user agent and go to site, where they can identify you, because they will see that user agent in analytics counters and so on. So it is not very safe solution.

Only if you replace what is already in the user agent will it stand out. If you just add something to the useragent it will only be noticed if someone looks at the raw logs or decides to specifically track you.