Welcome to WebmasterWorld Guest from 54.144.243.34

Forum Moderators: open

How to protect Javascript edits

Looking for best method

   
6:18 pm on Sep 19, 2008 (gmt 0)

5+ Year Member



I have an edit stored in a .js file which validates a field to make sure the value entered is one of 3 values. I'd like to be able to hide the 3 values so that no one will know them. Is there a way to keep visitors from downloading the associated .js file? Or what would be the best way to accomplish this?

Thanks for your help!

6:44 pm on Sep 19, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



There is no way to stop people viewing your javascript.
7:04 pm on Sep 19, 2008 (gmt 0)

5+ Year Member



I know I could validate the values off a server database and that would protect visitors from finding out the valid entries, but are there any other options? Thanks.
7:08 pm on Sep 19, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



No. Do your validation on a server side script. There is no way to stop users viewing your javascript.

Even if you do make it look up the values off a server, a coder could very, very easily make your script do an alert to display the values after lookup.

8:07 pm on Sep 19, 2008 (gmt 0)

5+ Year Member



So I can just have the javascript file with my edits run as a server side script? Can you point me to an explanation of how to do this? I looked around a bit but I haven't found any basic instructions, at least none that gave the details for me to get it done. Thank you again...I do appreciate it!
1:44 pm on Sep 21, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Can you point me to an explanation of how to do this?

Not exactly. There is no pre-made script to do what you want. But if you explain precisely what you want to do in the PHP or Perl forums I'm sure those guys will have something to hand.

8:54 pm on Sep 21, 2008 (gmt 0)

5+ Year Member



Ok- I think I understand. I need to rewrite my javascript client-side edit in Perl. I am submitting an email from the ASP page after running the javascript edit, so I guess I would add the Perl version of the edit in front of the sendmail. If I'm lost, please let me know. Thanks for your help!
7:11 pm on Sep 22, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Oh, ok you're using sendmail? Is this one of those 'enter these characters' things to protect against spam?

If you already have a Perl sendmail script, it would be much safer to put any validation in there. It's secure, users can't mess, so much more reliable.

8:49 pm on Sep 22, 2008 (gmt 0)

5+ Year Member



I'm using a Perl sendmail script already, so I'll plan to add the edit right there. The field I'm editing isn't a spam protection field. Thanks for helping me sort thru this. I appreciate it!
9:45 pm on Sep 25, 2008 (gmt 0)

5+ Year Member



There is a partial solution to your problem and is obfuscating your javascript files. This is a process in which the code is changed so not anyone can understand it though the funcionality is still the same.
This will avoid the need of server side scripting, although that's the right solution.
Try finding javascript obfuscators or compressors (this also reduces the size of files substantially).

Regards,

David

[edited by: engine at 10:35 am (utc) on Sep. 26, 2008]
[edit reason] no sigs/urls, thanks [/edit]

5:17 pm on Sep 26, 2008 (gmt 0)

WebmasterWorld Senior Member fotiman is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



An obfuscator will not solve the problem, as the code can easily be reformatted/beautified into a readable format. And values (like the strings you're matching against) would not be changed. A server side solution is the only reliable solution.
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month