wow

that's a lot of work to hide JS.

Brad.. what is in your JS that you want to hide it that bad?



----- Original Message ----- 
From: "Jochem van Dieten" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 8:41 AM
Subject: Re: Here's An Example: WAS [Hiding Javascript Source]


> Brad Roberts wrote:
>
> > The problem lies in the browser caching the page... any way to get around
> > that?
> >
> > You really can't rely on http_referrer...  Here's what I'm doing (in a
> > nutshell).
> >
> > Caller page:
> > -----------------
> >
> > <cfset server.id = createUUID()>
> > <cfoutput>
> > <script language="JavaScript" src="myJavascript.cfm?id=#server.id#"></script>
> > </cfoutput>
> >
> > Javascript page:
> > -----------------
> >
> > <cfif compareNoCase(url.id, server.id) OR len(url.id) EQ 0>
> >   .. hacker
> > <cfelse>
> >   <cfset server.id = "">
> > </cfif>
> >
> > javascript code here.......
>
> If I wanted to make it more difficult (not impossible) for
> somebody to get to the source of my javascript I would use a
> combination of mechanisms. First, on the page referring to the
> javascript set a cookie, then use a <script ...> to link to the
> javascript.
> On the server, check both the referrer and the presence of the
> cookie and make sure the javascript is encrypted with the cookie
> as the key. From the first page, decrypt the javascript and
> execute it (you can do eval() on a variable that is just a bunch
> of javascript, right?). Make sure the last command from the
> decrypted javascript is to delete the cookie.
>
> This bypasses the caching problem, because an encrypted version
> is cached, and you throw the key away as soon as it is decrypted.
> But with the right tools to track HTTP headers, this is still
> easy to bypass.
>
> Jochem
>
>
>
> 
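The cookie-keyed scheme Jochem describes, simulated end to end as an added example that is not part of the original thread. The function names, the `jskey` cookie, `caller.cfm` and the sample script are hypothetical, and a toy repeating-key XOR stands in for the cipher, which the thread does not specify.

```javascript
// Constructed sample: the script the site owner wants to keep out of view.
const SOURCE = 'function discount(total) { return total * 0.9; }';

// Toy repeating-key XOR standing in for the unspecified cipher (ASCII only).
function encrypt(plain, key) {
  let hex = '';
  for (let i = 0; i < plain.length; i++) {
    const b = plain.charCodeAt(i) ^ key.charCodeAt(i % key.length);
    hex += b.toString(16).padStart(2, '0');
  }
  return hex;
}
function decrypt(hex, key) {
  let out = '';
  for (let i = 0; i < hex.length; i += 2) {
    const b = parseInt(hex.slice(i, i + 2), 16);
    out += String.fromCharCode(b ^ key.charCodeAt((i / 2) % key.length));
  }
  return out;
}

// Hypothetical server: the caller page sets the cookie that doubles as the key.
function callerPage(session) {
  session.key = 'k' + Math.random().toString(36).slice(2);
  return { setCookie: 'jskey=' + session.key,
           body: '<script src="myJavascript.cfm"></script>' };
}
// The script page checks cookie and referrer, then serves only ciphertext.
function scriptPage(session, req) {
  const ok = req.cookie === 'jskey=' + session.key && req.referer === 'caller.cfm';
  return ok ? { status: 200, body: encrypt(SOURCE, session.key) }
            : { status: 403, body: '' };
}

// What the browser must do before eval(): read the key from the cookie it was
// sent and decrypt the body it was sent. Both values are in the responses.
function clientDecrypt(responses) {
  const key = responses[0].setCookie.split('=')[1];
  return decrypt(responses[1].body, key);
}

// One full exchange, plus a direct request without cookie or referrer.
function runExchange() {
  const session = {};
  const page = callerPage(session);
  const script = scriptPage(session, { cookie: page.setCookie, referer: 'caller.cfm' });
  const direct = scriptPage(session, { cookie: '', referer: '' });
  return { responses: [page, script], directStatus: direct.status };
}
```

The cached copy is ciphertext and a bare request is refused, but the key travels to the client in the same conversation as the ciphertext, so the scheme only obscures the source; logic that must stay private has to run on the server.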