Ok, ok . . . let's change the word "hide" to "obscure" - Not readily noticed
or seen; inconspicuous
(http://www.dictionary.com/cgi-bin/dict.pl?term=obscure). I understand that
Javascript is client-side and can't truly be hidden - but I also understand
that not very many people are going to install a recording proxy server to
capture my javascript. Just because it is "impossible" to hide Javascript
and everything else being passed from the browser to the server, doesn't
mean it is impossible to obscure it so only the truly curious will get
access to it. The point here is that if I have something that is "cool" and
I "obscure" it, the people who are going to be able to get to it could have
figured out how to do the "cool" thing in the first place!
Dan
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 02, 2000 9:07 AM
To: '[EMAIL PROTECTED]'
Cc: 'Dan Haley'
Subject: RE: Comment out Javascript in browser but not ColdFusion?
> If there were a way to keep the browser from caching
> javascript, then I can hide it. I've been playing around
> with this every once in awhile, and thought I had it, but
> IE caches the javascript and allows a workaround. My
> method is to call the javascript as such <script
> type="text/javascript" src="js.cfm">. Since the source
> of the javascript is a .cfm file I can then include
> conditional logic to keep it from being viewed directly,
> but I have to use different code for IE and for Netscape.
> It works, just IE allows the workaround because the javascript
> is cached and it doesn't go back to the server, which means
> I can't validate the source of the request.
In any case, whether IE cached JavaScript source files or not (and for
performance reasons, caching JavaScript is a good thing), it wouldn't
matter. You can't prevent someone from looking at something that a browser
can receive. You might be able to make it slightly more difficult, but if
they're that interested, they can see it.
As a good example of this, try out a recording proxy server, which you can
install on the machine with the browser. It'll track and record the entire
request-response cycle, writing it to a text file. These things are very
easy to set up and use.
Brendan Avery put it succinctly and accurately:
"anything... ANYTHING that gets sent to the browser, whether it be a
quicktime file, to javascript, to css, to an applet, to WHATEVER -- can be
saved/requested/etc by any client."
To extend that in a slightly different direction, any request data sent from
the client is completely manipulable - cookies, HTTP referers, hidden form
fields, anything!
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
------------------------------------------------------------------------------
To unsubscribe, send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body or visit the list page at www.houseoffusion.com
