No, because they have to be accessible by the browser. What you could do is a type of cloak. You could only give them up to IPs that have hit your sight in the last say maybe 3 seconds. That would allow the browser to get them but keep people from being able to past the file into the location window and downloading it. I don't think you could rely on referrer.

For those reading along ('cause I happen to know you know this already, tm) you can encode the js script with the MS script encoder. Negatives: I think it limits your browsers to IE5+ and handy DEcoders are available all over the web.

In order to run it, they have to download it. Once they download it, it's in the cache. If you use nocache tags, they still have the url in the history list and can get to it - even if you obfuscate the link calls with js.

I guess a combination of browser detection, timing restrictions and no-cache would work 99% of the time.

What about mod rewrite? Could I do a referring url rule?
<added> to clarify what I want to do is prevent someone from extracting the url of the script then downloading it</added>

That sounds like a decent solution, they can spoof their referrer to download it but if they know enough to do that then they will get it somehow anyway.

Wow - look at those times (great minds think aliker - erm, at least at the same time).

Time based is interesting, but the code is still going to be in the cache unless you use the no cache tag.

If someone wants to see the code, they can get it one way or another.

Once you have it setup, let us know and we'll have a race to see who can get to it the fastest. I'll open the bidding at under 2minutes.

I know what you're saying BT but I just want to thwart the casual web master who would place the url to the script in the browser and then download it (especially css sheets) to see what's in it. I'm doing some stuff with css that ain't rocket science but unless you dissect it you'll never understand why I did it that way or what it's really doing. I guess I'm trying to keep my little party to myself for as long as I can.

No use educating the "Meta-Masters" as long as I don't have to.

Do you have any non-public areas on your server where you could store the script and call it when needed?
There is an area on my host's server where I am able to call in files through a script and print them to the browser. The files can not be accessed straight from the browser (as far as I know).
I have tried it with a very simple PERL script and it does seem to work fine.

Basically you are saying "I want to give this string of bytes to anybody who asks for it, so that it executes on their machine. But I don't want anybody to steal this string of bytes from me."

Forget it. You're trying to have your cake and eat it too.