homepage Welcome to WebmasterWorld Guest from 50.16.112.199
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
Forum Library, Charter, Moderator: open

JavaScript and AJAX Forum

    
How to protect Javascript edits
Looking for best method
S_Wagner

5+ Year Member



 
Msg#: 3748126 posted 6:18 pm on Sep 19, 2008 (gmt 0)

I have an edit stored in a .js file which validates a field to make sure the value entered is one of 3 values. I'd like to be able to hide the 3 values so that no one will know them. Is there a way to keep visitors from downloading the associated .js file? Or what would be the best way to accomplish this?

Thanks for your help!

 

Dabrowski

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3748126 posted 6:44 pm on Sep 19, 2008 (gmt 0)

There is no way to stop people viewing your javascript.

S_Wagner

5+ Year Member



 
Msg#: 3748126 posted 7:04 pm on Sep 19, 2008 (gmt 0)

I know I could validate the values off a server database and that would protect visitors from finding out the valid entries, but are there any other options? Thanks.

Dabrowski

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3748126 posted 7:08 pm on Sep 19, 2008 (gmt 0)

No. Do your validation on a server side script. There is no way to stop users viewing your javascript.

Even if you do make it look up the values off a server, a coder could very, very easily make your script do an alert to display the values after lookup.

S_Wagner

5+ Year Member



 
Msg#: 3748126 posted 8:07 pm on Sep 19, 2008 (gmt 0)

So I can just have the javascript file with my edits run as a server side script? Can you point me to an explanation of how to do this? I looked around a bit but I haven't found any basic instructions, at least none that gave the details for me to get it done. Thank you again...I do appreciate it!

Dabrowski

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3748126 posted 1:44 pm on Sep 21, 2008 (gmt 0)

Can you point me to an explanation of how to do this?

Not exactly. There is no pre-made script to do what you want. But if you explain precisely what you want to do in the PHP or Perl forums I'm sure those guys will have something to hand.

S_Wagner

5+ Year Member



 
Msg#: 3748126 posted 8:54 pm on Sep 21, 2008 (gmt 0)

Ok- I think I understand. I need to rewrite my javascript client-side edit in Perl. I am submitting an email from the ASP page after running the javascript edit, so I guess I would add the Perl version of the edit in front of the sendmail. If I'm lost, please let me know. Thanks for your help!

Dabrowski

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3748126 posted 7:11 pm on Sep 22, 2008 (gmt 0)

Oh, ok you're using sendmail? Is this one of those 'enter these characters' things to protect against spam?

If you already have a Perl sendmail script, it would be much safer to put any validation in there. It's secure, users can't mess, so much more reliable.

S_Wagner

5+ Year Member



 
Msg#: 3748126 posted 8:49 pm on Sep 22, 2008 (gmt 0)

I'm using a Perl sendmail script already, so I'll plan to add the edit right there. The field I'm editing isn't a spam protection field. Thanks for helping me sort thru this. I appreciate it!

BuzzyDev

5+ Year Member



 
Msg#: 3748126 posted 9:45 pm on Sep 25, 2008 (gmt 0)

There is a partial solution to your problem and is obfuscating your javascript files. This is a process in which the code is changed so not anyone can understand it though the funcionality is still the same.
This will avoid the need of server side scripting, although that's the right solution.
Try finding javascript obfuscators or compressors (this also reduces the size of files substantially).

Regards,

David

[edited by: engine at 10:35 am (utc) on Sep. 26, 2008]
[edit reason] no sigs/urls, thanks [/edit]

Fotiman

WebmasterWorld Senior Member fotiman us a WebmasterWorld Top Contributor of All Time 5+ Year Member



 
Msg#: 3748126 posted 5:17 pm on Sep 26, 2008 (gmt 0)

An obfuscator will not solve the problem, as the code can easily be reformatted/beautified into a readable format. And values (like the strings you're matching against) would not be changed. A server side solution is the only reliable solution.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / JavaScript and AJAX
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved