Welcome to WebmasterWorld Guest from 54.198.132.40

Forum Moderators: open

Message Too Old, No Replies

How to protect Javascript edits

Looking for best method

     
6:18 pm on Sep 19, 2008 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 27, 2006
posts: 62
votes: 0


I have an edit stored in a .js file which validates a field to make sure the value entered is one of 3 values. I'd like to be able to hide the 3 values so that no one will know them. Is there a way to keep visitors from downloading the associated .js file? Or what would be the best way to accomplish this?

Thanks for your help!

6:44 pm on Sept 19, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Mar 29, 2007
posts:1147
votes: 0


There is no way to stop people viewing your javascript.
7:04 pm on Sept 19, 2008 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 27, 2006
posts:62
votes: 0


I know I could validate the values off a server database and that would protect visitors from finding out the valid entries, but are there any other options? Thanks.
7:08 pm on Sept 19, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Mar 29, 2007
posts:1147
votes: 0


No. Do your validation on a server side script. There is no way to stop users viewing your javascript.

Even if you do make it look up the values off a server, a coder could very, very easily make your script do an alert to display the values after lookup.

8:07 pm on Sept 19, 2008 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 27, 2006
posts:62
votes: 0


So I can just have the javascript file with my edits run as a server side script? Can you point me to an explanation of how to do this? I looked around a bit but I haven't found any basic instructions, at least none that gave the details for me to get it done. Thank you again...I do appreciate it!
1:44 pm on Sept 21, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Mar 29, 2007
posts:1147
votes: 0


Can you point me to an explanation of how to do this?

Not exactly. There is no pre-made script to do what you want. But if you explain precisely what you want to do in the PHP or Perl forums I'm sure those guys will have something to hand.

8:54 pm on Sept 21, 2008 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 27, 2006
posts: 62
votes: 0


Ok- I think I understand. I need to rewrite my javascript client-side edit in Perl. I am submitting an email from the ASP page after running the javascript edit, so I guess I would add the Perl version of the edit in front of the sendmail. If I'm lost, please let me know. Thanks for your help!
7:11 pm on Sept 22, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Mar 29, 2007
posts:1147
votes: 0


Oh, ok you're using sendmail? Is this one of those 'enter these characters' things to protect against spam?

If you already have a Perl sendmail script, it would be much safer to put any validation in there. It's secure, users can't mess, so much more reliable.

8:49 pm on Sept 22, 2008 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 27, 2006
posts:62
votes: 0


I'm using a Perl sendmail script already, so I'll plan to add the edit right there. The field I'm editing isn't a spam protection field. Thanks for helping me sort thru this. I appreciate it!
9:45 pm on Sept 25, 2008 (gmt 0)

New User

5+ Year Member

joined:Sept 23, 2008
posts:6
votes: 0


There is a partial solution to your problem and is obfuscating your javascript files. This is a process in which the code is changed so not anyone can understand it though the funcionality is still the same.
This will avoid the need of server side scripting, although that's the right solution.
Try finding javascript obfuscators or compressors (this also reduces the size of files substantially).

Regards,

David

[edited by: engine at 10:35 am (utc) on Sep. 26, 2008]
[edit reason] no sigs/urls, thanks [/edit]

5:17 pm on Sept 26, 2008 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member fotiman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 17, 2005
posts:4987
votes: 12


An obfuscator will not solve the problem, as the code can easily be reformatted/beautified into a readable format. And values (like the strings you're matching against) would not be changed. A server side solution is the only reliable solution.