homepage Welcome to WebmasterWorld Guest from 54.166.84.82
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

    
Protecting CSS & JS
..From prying eyes
knighty

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 648 posted 9:19 am on Dec 6, 2001 (gmt 0)

Is there a way to put your CSS or JavaScript file in another directory and make it so that if anyone tries to type in the address to see it can't?

i.e say the CSS file is in ../file.css can you prevent access to viewing that file so when they type http*//www.domain-name.com/file.css (de-linked) it just returns a 404 or something?

(edited by: DaveAtIFG at 5:22 pm (gmt) on Dec. 7, 2001)

 

SmallTime

10+ Year Member



 
Msg#: 648 posted 9:57 am on Dec 6, 2001 (gmt 0)

nope, look in your browser cache, you'll find lots of css and js files, the browser needs to retreive them.

ralnikov

10+ Year Member



 
Msg#: 648 posted 10:46 am on Dec 6, 2001 (gmt 0)

I think it should work:
create css & js files as asp files with following content:

<%
if Request.ServerVariables("HTTP_REFERER") <> "" then
%>
...real file content goes here...
<%
end if
%>

set asp handler for .css and .js extensions in IIS admin

now if someone requests a file without referer (e.g. he typed it in browser url field) he'll got a empty page

surely someone still could get page content from browser cache after normal request

knighty

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 648 posted 3:11 pm on Dec 6, 2001 (gmt 0)

What if you dant have asp?

So how do people protect their online databases from being downloaded?

bobriggs

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 648 posted 3:18 pm on Dec 6, 2001 (gmt 0)

Some users can turn off referer in their browser requests, e.g. Opera. And there are 3rd party utilities that strip from IE, etc, so those users won't get pages displayed correctly.

First someone would have to know the name of the database. But even if they did, you can place a database above the root. Scripts running on the server can access it, but there's no way to directly access it.

ralnikov

10+ Year Member



 
Msg#: 648 posted 10:44 am on Dec 7, 2001 (gmt 0)

knighty: you could create same script using any other server side scripting language
bobriggs: I agree with you; it's not a very smart solution...

knighty

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 648 posted 12:21 pm on Dec 7, 2001 (gmt 0)

OK thanks guys,

I thought there might be some little thing like modifying .htaccess but guess not eh?

gethan

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 648 posted 12:37 pm on Dec 7, 2001 (gmt 0)

Knighty

To some extent it could be done with mod_rewrite - in the same way that you can protect images from being used within other sites... but as smalltime says - the files will be in the browser cache -- may stop some though.

I haven't tried it and there maybe other unpleasant side effects.

Heres the info from the previous post.... if you try it let me know how it goes :)

[webmasterworld.com...]

ralnikov

10+ Year Member



 
Msg#: 648 posted 10:02 am on Dec 8, 2001 (gmt 0)

By the way, you could set 'expires' field of HTTP response to past. So I think browser wouldn't store CSS of JS locally, but will re-request that resource each time visitor accesses web page.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved