> -----Original Message----- > From: Russ [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 04, 2006 12:54 PM > To: CF-Talk > Subject: RE: AJAX and security > > Wouldn't it still send the javascript to the browser? Meaning the user > can > still view the source on it?
Well - with an external JavaScript file most browser won't let you "view source" (I don't know of any that would). But the files would probably be available in a cache. Oh - and any HTTP sniffer (there are at least a few free ones out there) would allow you to see it. Personally the problems associated with the technique (the firewall issues somebody else mentioned) aren't worth since the technique just doesn't really work to protect your code - but it could cause problems for legitimate users. It might dissuade the casual observer... but the casual observer isn't going to try to get your code in the first place. ;^) If a technique won't stop even a moderately intelligent script-kiddie then I generally don't bother. Jim Davis ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:228406 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
