And if you are on a cool OS like OS X and you use Safari, you can track every
detail that's going on with the activities panel, which is ultra cool!!!

~Dave the disruptor~
Google will pay you money for getting rid of IE :)
http://explorerdestroyer.com/
http://www.killbillsbrowser.com/ 

----------------------------------------
From: "Russ" <[EMAIL PROTECTED]>
Sent: Wednesday, January 04, 2006 8:15 PM
To: CF-Talk <[email protected]>
Subject: RE: AJAX and security 

If you hit a webpage and it generates content (whether it's html,
javascript, zip, etc), the browser tries to see whether it can display it,
or it asks you whether you want to save or open it. I'm betting that if you
create a cfm page that returns javascript, if the browser doesn't display
it, it will let you save it... so... don't really see what you are trying to
accomplish with that technique. 

Russ

-----Original Message-----
From: Jim Davis [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 04, 2006 7:53 PM
To: CF-Talk
Subject: RE: AJAX and security

> -----Original Message-----
> From: Russ [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 04, 2006 12:54 PM
> To: CF-Talk
> Subject: RE: AJAX and security
> 
> Wouldn't it still send the javascript to the browser? Meaning the user can
> still view the source on it?

Well - with an external JavaScript file most browsers won't let you "view
source" (I don't know of any that would).

But the files would probably be available in a cache. Oh - and any HTTP
sniffer (there are at least a few free ones out there) would allow you to
see it.

Personally the problems associated with the technique (the firewall issues
somebody else mentioned) aren't worth it since the technique just doesn't
really work to protect your code - but it could cause problems for
legitimate users.

It might dissuade the casual observer... but the casual observer isn't going
to try to get your code in the first place. ;^) If a technique won't stop
even a moderately intelligent script-kiddie then I generally don't bother.

Jim Davis


