I know, you cannot for sure, 100% hide it... Cgi variables can be spoofed. Still better than leaving it wide open if you want to lock it down...
It's like your house. Just because someone can break a window doesn't mean you should leave the door unlocked. Nothing is really 100% secure. But it protects you from everyone but the elite hacker. The only way for one to do this is if they know how to pass their own http headers. And then they need to know that you're looking at that particular cgi variable, and they need to know what you're comparing to as well. Too much trouble for a little piece of javascript IMHO... -----Original Message----- From: Raymond Camden [mailto:[EMAIL PROTECTED] Sent: Thursday, April 03, 2003 5:48 PM To: CF-Talk Subject: RE: Hiding JavaScript codes However, you can fake the referer value. Repeat after me - you cannot hide JavaScript. JavaScript is run on the client. Therefore the client (and therefore the user) MUST have access to it. ======================================================================== === Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc (www.mindseye.com) Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia) Email : [EMAIL PROTECTED] Blog : www.camdenfamily.com/morpheus/blog Yahoo IM : morpheus "My ally is the Force, and a powerful ally it is." - Yoda > -----Original Message----- > From: Costas Piliotis [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 03, 2003 7:40 PM > To: CF-Talk > Subject: RE: Hiding JavaScript codes > > > Actually, you kind of can I think... > > You can use a cfm file as a .js file to emulate a javascript > file. Change the extension to .cfm... Careful, cf studio > won't correctly parse it, but nonetheless it'll work... Just > tested it. > > <cfparam name="cgi.http_referer" default=""> > <cfif cgi.http_referer eq ""><cfabort></cfif> at the top. > > Then, in your script, just enter: > <script language="javascript" src="temp.cfm"></script> > > In THEORY, the .js will come up blank unless it's called from > another file on your site. > > Tweak it as you wish. It should keep prying eyes from > reading your .js file. > > This isn't 100% bulletproof, but should work for the most > part. You can of course get more anal on the file and verify > the referer more carefully. > > > -----Original Message----- > From: Dave Watts [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 03, 2003 11:35 AM > To: CF-Talk > Subject: RE: Hiding JavaScript codes > > > > The part I'm not sure about is, that it maybe possible to put the > > javascript.js file in a non-web directory. > > This isn't possible. If you don't put it in a web-accessible > directory, your web browser won't be able to fetch it. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > voice: (202) 797-5496 > fax: (202) 797-5444 > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
