------------------------------------------------ On Fri, 14 Feb 2003 09:12:52 -0800 (PST), Patricia Hinman <[EMAIL PROTECTED]> wrote:
> Thanks! > That does help. I was reading this page which talks > about unix and windows crypt(). > > http://www.tech.irt.org/articles/js164/ > > Now I'm wondering how to encrypt the password on the > client side. Is that possible? All the scripts are > visible from view source. But it makes just one more > step for a hacker to find your js file. Also I have > been to pages where they have hid the source. I wish I > knew how that was accomplished. > > http://weblock.com > These people provide encrypted pages. The problem is > the people who use my program would have to use > weblock also. > What I want is simple to hide or disable people from > downloading my js file. > To bad you didn't let us know this sooner ;-).... but oh well. It would seem that what Web Lock, or is that We Block ;-), handles is encrypted file transfers, granted loading of a web site is a file transfer, but the files transferred aren't intended to be loaded in a browser, at least not directly, and even still the source would be viewable *after* the decryption occurs, which doesn't solve your problem. So essentially they are providing the same thing https does with different encryption and providing it over http using key based encryption so that the original document can be re-attained through decryption. However this won't work for your purposes.... Because Javascript is *read* by the client on the client side it *must* be readable by the browser, and because it is readable by a browser there is no sure way to prevent someone from downloading your .js. It is possible to restrict who can view your js by using a normal authentication method, but then there is nothing to prevent a person with login rights from downloading the js, and sending to each of their best friends to view. There are measures that can be taken to make it harder for someone to get the source, but there is no way to prevent it. There is also little reason to, that I can see, most things that are done with javascript are relatively simple anyways, and since it is an open language so someone could rewrite it themselves, granted you might be delaying them. On the other hand, you are asking questions on a board where the language is GPL'd so you are not likely to find to many sympathetic posters when it comes to closing your source (especially web source).... http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
