Protecting your JavaScript

Forum Moderators: open

Message Too Old, No Replies

Protecting your JavaScript

How can I do this.

fashezee

7:01 pm on Mar 2, 2003 (gmt 0)

When using JavaScript to perform certain actions; I link the respective JavaScript file
to my HTML page as follows:

However, I would like to prevent any user from downloading this file and viewing
the content. I have gone to some sites that have prevented me from downloading their
JavaScript file? How are they doing it? Also, is there away around it?

Does it have to the permissions assigned to the directory?

txbakers

7:29 pm on Mar 2, 2003 (gmt 0)

I don't think it's possible. If it's in the path of the web browser, it can be grabbed.

If you have it in a protected directory, then a login window will appear everytime the page needs to access the script file.

bcc1234

7:29 pm on Mar 2, 2003 (gmt 0)

There is no way to prevent people from downloading it.
In order for a browser to execute the script, the browser must first download it.

Some sites might do silly attempts to block the file, and it might work for non-savvy users, but there is no way to stop it.

[edited by: bcc1234 at 7:30 pm (utc) on Mar. 2, 2003]

g1smd

7:29 pm on Mar 2, 2003 (gmt 0)

You have to remember how a browser works. It downloads all of the files that make up the page: the HTML, CSS, images, etc. It puts them in a special directory called the cache, which is on the hard drive of the user.

Another part of the browser then takes those files, reads them, and displays them on the screen. Since the files are stored on the users hard drive, anyone can just go to that directory and look at them from there. There is no way to stop this.

g1smd

7:31 pm on Mar 2, 2003 (gmt 0)

Whoa! Three people in agreement, all at the same time.

fashezee

7:42 pm on Mar 2, 2003 (gmt 0)

The reason I would like to protect my JavaScript, is because I encoutered a site
that prevented me from downloading their JavaScript; is was not cached either.
I would like the same security on my site.

check your stickmails.

txbakers

7:52 pm on Mar 2, 2003 (gmt 0)

It's not protected. Not at all. Here is the javascript from that file:

Nothing to it.

[edited by: txbakers at 8:07 pm (utc) on Mar. 2, 2003]

g1smd

7:55 pm on Mar 2, 2003 (gmt 0)

You cannot protect it. It is always stored in the users cache on their hard drive, inside their computer.

macrost

3:24 pm on Mar 3, 2003 (gmt 0)

I have found a nice utility that will actually encode the script, but that won't stop a person from using it if they know what the use of the script is.
It's called microsoft script encoder.

[msdn.microsoft.com...]

Mac

[edited by: korkus2000 at 4:03 pm (utc) on Mar. 3, 2003]
[edit reason] Fixed Link [/edit]

rcjordan

4:27 pm on Mar 3, 2003 (gmt 0)

>microsoft script encoder

There are more than a few decoders out there. In short, you can deter the casual copier but the ones who are intent upon getting the code will do so.

txbakers

5:02 pm on Mar 3, 2003 (gmt 0)

I just downloaded and played with the WSE and it's fun. Although we noticed something funny with it. On plain HTML pages, the client scripts do indeed get encoded.

On ASP pages, the ASP code is encoded, but the client side script does not. Unless I'm doing something wrong.....

Did anyone else notice this?

macrost

6:57 pm on Mar 3, 2003 (gmt 0)

Hmm, I've tried a asp page that has client script, and it encoded just fine for me.
Mac

RonPK

6:26 pm on Mar 4, 2003 (gmt 0)

IIRC the encoder is a JScript-encoder, not a JavaScript-encoder. Pretty useless for the WWW, as there are other browsers around then IE.

Correct me if I'm wrong. This is what I remember from a couple of years ago.