> If there were a way to keep the browser from caching
> javascript, then I can hide it. I've been playing around
> with this every once in awhile, and thought I had it, but
> IE caches the javascript and allows a workaround. My
> method is to call the javascript as such <script
> type="text/javascript" src="js.cfm">. Since the source
> of the javascript is a .cfm file I can then include
> conditional logic to keep it from being viewed directly,
> but I have to use different code for IE and for Netscape.
> It works, just IE allows the workaround because the javascript
> is cached and it doesn't go back to the server, which means
> I can't validate the source of the request.
In any case, whether IE cached JavaScript source files or not (and for
performance reasons, caching JavaScript is a good thing), it wouldn't
matter. You can't prevent someone from looking at something that a browser
can receive. You might be able to make it slightly more difficult, but if
they're that interested, they can see it.
As a good example of this, try out a recording proxy server, which you can
install on the machine with the browser. It'll track and record the entire
request-response cycle, writing it to a text file. These things are very
easy to set up and use.
Brendan Avery put it succinctly and accurately:
"anything... ANYTHING that gets sent to the browser, whether it be a
quicktime file, to javascript, to css, to an applet, to WHATEVER -- can be
saved/requested/etc by any client."
To extend that in a slightly different direction, any request data sent from
the client is completely manipulable - cookies, HTTP referers, hidden form
fields, anything!
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
