Forum Moderators: open
At present, my external .js files are also within the
public_html directory; however, everyone is able to
type the name of these files in their browser address
bar and then be presented the javascript code - which
is not desired.
What numeric CHMOD should be applied to these, which:
Permits the world and group to execute the commands contained in these external files, but
Disallows display of the actual code contained
within the script to the world and group?
<clarification edit>
JavaScript is usually executed client side, not server side and will download a copy to the browsers cache before running it.</clarification edit>
Thank you for the clarification.
Is there a server side Perl
script I could use which
masks the .js files for
protection?
Like Dijkgraaf says: If you were to change the permisions so they couldn't see them, they would also stop working as the browser needs permision to read it.
Meaning -- if you make it impossible to request the JS by typing in the URL in the browser, then that will also prevent the browser from downloading it.
UNLESS you get really nifty and set a "security code" when the page including the script is requested, which, in turn, is used when the JS is requested and only works for a limited time (say 15 minutes). Without a valid security code, the JS would not run or be downloaded. This, of course, requires keeping track of the codes in a database.
Not too hard to set up, although not trivial either.
