homepage Welcome to WebmasterWorld Guest from 54.211.213.10
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
Forum Library, Charter, Moderator: open

JavaScript and AJAX Forum

    
How to protect Javascript edits
Looking for best method
S_Wagner




msg:3748128
 6:18 pm on Sep 19, 2008 (gmt 0)

I have an edit stored in a .js file which validates a field to make sure the value entered is one of 3 values. I'd like to be able to hide the 3 values so that no one will know them. Is there a way to keep visitors from downloading the associated .js file? Or what would be the best way to accomplish this?

Thanks for your help!

 

Dabrowski




msg:3748144
 6:44 pm on Sep 19, 2008 (gmt 0)

There is no way to stop people viewing your javascript.

S_Wagner




msg:3748162
 7:04 pm on Sep 19, 2008 (gmt 0)

I know I could validate the values off a server database and that would protect visitors from finding out the valid entries, but are there any other options? Thanks.

Dabrowski




msg:3748165
 7:08 pm on Sep 19, 2008 (gmt 0)

No. Do your validation on a server side script. There is no way to stop users viewing your javascript.

Even if you do make it look up the values off a server, a coder could very, very easily make your script do an alert to display the values after lookup.

S_Wagner




msg:3748218
 8:07 pm on Sep 19, 2008 (gmt 0)

So I can just have the javascript file with my edits run as a server side script? Can you point me to an explanation of how to do this? I looked around a bit but I haven't found any basic instructions, at least none that gave the details for me to get it done. Thank you again...I do appreciate it!

Dabrowski




msg:3749038
 1:44 pm on Sep 21, 2008 (gmt 0)

Can you point me to an explanation of how to do this?

Not exactly. There is no pre-made script to do what you want. But if you explain precisely what you want to do in the PHP or Perl forums I'm sure those guys will have something to hand.

S_Wagner




msg:3749184
 8:54 pm on Sep 21, 2008 (gmt 0)

Ok- I think I understand. I need to rewrite my javascript client-side edit in Perl. I am submitting an email from the ASP page after running the javascript edit, so I guess I would add the Perl version of the edit in front of the sendmail. If I'm lost, please let me know. Thanks for your help!

Dabrowski




msg:3749749
 7:11 pm on Sep 22, 2008 (gmt 0)

Oh, ok you're using sendmail? Is this one of those 'enter these characters' things to protect against spam?

If you already have a Perl sendmail script, it would be much safer to put any validation in there. It's secure, users can't mess, so much more reliable.

S_Wagner




msg:3749845
 8:49 pm on Sep 22, 2008 (gmt 0)

I'm using a Perl sendmail script already, so I'll plan to add the edit right there. The field I'm editing isn't a spam protection field. Thanks for helping me sort thru this. I appreciate it!

BuzzyDev




msg:3752217
 9:45 pm on Sep 25, 2008 (gmt 0)

There is a partial solution to your problem and is obfuscating your javascript files. This is a process in which the code is changed so not anyone can understand it though the funcionality is still the same.
This will avoid the need of server side scripting, although that's the right solution.
Try finding javascript obfuscators or compressors (this also reduces the size of files substantially).

Regards,

David

[edited by: engine at 10:35 am (utc) on Sep. 26, 2008]
[edit reason] no sigs/urls, thanks [/edit]

Fotiman




msg:3752853
 5:17 pm on Sep 26, 2008 (gmt 0)

An obfuscator will not solve the problem, as the code can easily be reformatted/beautified into a readable format. And values (like the strings you're matching against) would not be changed. A server side solution is the only reliable solution.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved