Welcome to WebmasterWorld Guest from 184.108.40.206
In answer to your original question, you can "sort of" use .htaccess to stop direct type-in access, but at the cost of losing visitors who access your site from behind corporate firewalls, or those with firewalls or internet security software installed at home.
You could also implement some kind of fancy session tracking to make sure that anyone requesting a .js file has loaded the containing html page, but that would then require you to disable caching of the containing page in order to ensure that it was always loaded from your server. And that would slow down your user's experience and increase your server load.
I found it easier to just "get over it" in most cases. YMMV.
If you release your code to be run elsewhere, then they can reverse engineer it. Not even moving to Java or C will help you.
You can always invite them over to your house to play the game on your computers...
Beyond the suggestions mentioned here, there are NO other solutions. What you are asking is not technically possible. It someone wants your JS code, they will find a way to get it.
>> simply being able to take the source right out of my own .html files nad stick it ont heir site is out of hte question.
Then you need to use a non-web technology surely. HMTL, JS etc, its all explicitly designed to be open technology, to facilitate sharing. Its one of the reasons that security is so damn hard in ecommerce for instance. You have to create at best an extra layer (SSL), maybe a different protocol (HTTPS), or ultimately a proprietory, non-open system (EDI springs to mind) to have any chance of securely exchanging c/c details etc and then someones just going to leave all the c/c details on a database thats open to HTTP calls. D'oh!
What you really need is a non-open equivalent, your own proprietory file format etc, similar to Flash in that regard, I suppose. Then you supply a plug-in for the browser, and the files go up as meaningless binary files, useless unless you can decode them with the plugin.
[edited by: Woz at 6:39 am (utc) on July 2, 2003]
[edit reason] No URLs please, TOS#13. [/edit]
Alternatively, I could just access your page the regular way, and have a packet sniffer grabbing your source as it flows into my machine.
I doubt it would take any single person determined to get your JS more than an hour to download it and email it all to you. Certainly no more than a day.
Care to sticky me a URL, and email?
Oh and for all you who think you can do it with js debuggers and so on, its in a .php not .js file,
so no, you can not download the code, and js debuggers will not work since the code is stored
server side unless the script is given the correct arguements from the correct file.