If you develop for the web, expect your stuff to be viewable. People have for years attempted to prevent downloading of images, movies, source code. Images have been "protected" by disabling right-click and using background-image css (that I know of). Movies have attempted to do it by not sending the entire film at once, but in pieces. And source code by attempting to prevent right-click and view source. None of these work. It doesn't take a genius to get around them.
If someone wants to see javascript code, they can (in Firefox pre-3.5 and all other browsers): View source Find the javascript link Copy and paste into URL Your code has been seen In Firefox 3.5, they can just click on the URL in the source code. Of course, IE8, Safari, and Chrome all come with a debugger built-in that let you see the source code of all requests. Plus, you proprietary source code is cached on the persons machine so they can pull it from there. So, your suggestion is pretty much useless. Far too many ways to get to the code without needing Firebug and that are easier or just as easy. If you want to protect your intellectual property, then don't use javascript. Trevan -----Original Message----- From: firebug@googlegroups.com [mailto:fire...@googlegroups.com] On Behalf Of Rako Sent: Monday, July 06, 2009 11:40 AM To: Firebug Subject: Re: New Activation Model Alfonsoml, you seem to ignore the fact, that the javascript code in separate modules is not displayed when showing the page. It is accessable only by using firebug or a similar product. A lot of people protect their intellectual property by obfuscating their code. There were demands, that Firebug should help them in reverse engineering. This reverse engineering is done probably to steal someone's code. I must assume, that you object to my proposal, because you may want to use code developed by someone else. My proposal is simple and realistic. I am long enough in this profession (since 1962) to be able to judge, what can be done with reasonable effort. The security of proprietary code IS a legally binding obligation for such programs. Without that FB could even be classified as spyware and its authors could be prosecuted. This is what MUST be avoided. I love Firebug (although I have not used it for the last few month) and I would not like its developers get into trouble because some thiefs or saboteours. Because knowing how the hidden javascript operates, you could circumwent the safety measures programmed there. . I suppose you wrote your post, because you are not experienced enough and not because you plan some mischief. As for a a sign-on and accepting an agreement, I have that on my site. Not only because of the design and javascript code, but also because of its contents: there are a number of historical documents there, which are first published at my site and have to be protected. On Jul 6, 12:49 pm, alfonsoml <aml...@gmail.com> wrote: > Please, get back to reality. > > Firebug only shows what the server has sent. If you care so much about > your intellectual property then force everyone that access your site > to sign an agreement. There's no law anywhere that would avoid showing > the source of a page, and that's basically what Firebug does. > > Talking about this kind of ideas is just wasting the time of everyone > as they aren't realistic. > > Let's focus on the UI of Firebug and how it can be modified to work > better. > > On Jul 6, 12:38 pm, Rako <mscam...@rakovszky.eu> wrote: > > > But that is > > 1.) confusing > > 2.) causes extra work > > There should be an "off for all pages" rule, which would not allow > > exceptions, thus you could switch FB off even for the site(s) you are > > testing. > > No exceptions would be allowed. > > The rule "off for all pages, except" would be the current "off for > > all pages" rule. > > Thus when I add new pages, etc to my site, I could set the "off for > > all pages" rule until I need FB to debug the javascript, when I would > > switch to the "off for all pages except" rule, which specifies my > > exception(s). > > It is questionable, whether the "on for all pages" rule is legally > > allowed. > > My code is my intelectual property protected by national and > > international copyright laws. I might even sue anyone stealing my code > > for his site. > > Thus FB should prevent intelectual theft, not encourage it. I read a > > number of posts from people who state, that they use FB for reverse > > engineering. > > These request should not be complied with. > > I would go even further to prevent such misdemanour: there should be a > > kind of "password" protection that would allow only the owner(s) to > > run FB on their site. > > When entering an exception, a password should be entered (cookie?) > > which would be sent to a "Firebug" module at the website. This would > > be a PHP module slightly modified by the user using a small standalone > > program and then stored on the server. > > This standalone program would ask for the new name of the module, the > > passport and for a choice of passport encryption/security routines. > > FB could be activated for a site only when: > > 1.) the named security-module exists at the site > > 2.) the the password is correct, in which case an "Allow" reply would > > be sent. This would depend on the selected security routine. > > > Of course you could argue: > > 1.) it is not your job to prevent theft of code: > > As you provide means for this theft, the courts may not accept this > > argument > > 2.) if someone really wants it, he can find ways to get around this > > security feature. > > If someone is able to do that, than he is able to develop the code for > > his page himself, does not need to steal the code. > > If he than puts his solution on the internet, HE is commiting a crime, > > and all those, who use it to steal code. > > 3.) Stupid/lazy people do not program their sites themself, but use > > such programs that provide code off the shelf, ignoring the fact, that > > these, being jacks of all trade, mean a huge overhead for each page. > > Most of these programs cost a lot of money and buying pirated code > > would be cheaper. > > > On Jul 4, 4:57 pm, johnjbarton <johnjbar...@johnjbarton.com> wrote: > > > > The option "Off for all pages, except" is already implemented. Here > > > is how you use it: > > > > First, please note that you do not need to select any option to cause > > > "off for all pages", because Firebug is off by default. So the only > > > part you need to concentrate on is "except". > > > > To create an exception to the "off for all pages" rule, do the > > > following: > > > 1) open the site you want to debug > > > 2) press the firebug status bar icon. > > > Firebug will open and put that site on the white list. From now on > > > that page will be "except". > > > > jjb > > > > On Jul 4, 4:50 am, Rako <mscam...@rakovszky.eu> wrote: > > > > > Having read this discussion, I think there should be two options: > > > > "On for all pages, except" > > > > "Off for all pages, except" > > > > This would be easy to understand. For both there would be an > > > > exceptions-list, or a number of alternative lists. > > > > Thus you could have alternative selection of sites or pages within the > > > > sites and choose the selection you currently want. > > > > To implement these, a small off-line settings program could be > > > > written: > > > > The user can create the selections before beginning with the on-line > > > > tests. During the tests he could merely choose between the selections. > > > > Under Windows, these can easily be stored in the registry. If you > > > > want, I can let you have some "Read/save Combo-box contents" functions > > > > (VB6+API) or a small stand-alone program to create such selections. > > > > > On Jul 2, 5:49 pm, johnjbarton <johnjbar...@johnjbarton.com> wrote: > > > > > > On Jul 2, 8:20 am, jjj <jason31...@gmail.com> wrote: > > > > > > > Then tell me why turning 'on for all pages' causes firebug to fail > > > > > > to > > > > > > turn on while browsing in firefox? > > > > > > I don't know why this does not work for you. It works for me. > > > > > > > Can you confirm that by turning 'on for all pages', firebug stays on > > > > > > for every single page until you explicitly turn it off? > > > > > > I can confirm that Firebug will stay on for me if I select "on for all > > > > > pages" then visit a set of completely different sites. > > > > > > Here is are the specifics: > > > > > 1) Open Firefox 3.5 with Firebug 1.5a7. > > > > > 2) Right click Firebug Icon, select On for all Web Pages. > > > > > 3) Openwww.google.comfirebugisup > > > > > 4) search for "foo" and click on the first > > > > > result,http://en.wikipedia.org/wiki/Foo; > > > > > Firebug is up. > > > > > 5) typehttp://www.ibm.comintothelocationbar, hit enter. Firebug > > > > > is up > > > > > > Does this work for you? > > > > > > Based on my tests and the fact that other users have used this option > > > > > successfully, it's my guess that the reason it fails for you is > > > > > related to some property of your environment. A simple and effective > > > > > test for this is create a new Firefox profile, install Firebug, and > > > > > restart. > > > > > > jjb --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Firebug" group. To post to this group, send email to firebug@googlegroups.com To unsubscribe from this group, send email to firebug+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/firebug?hl=en -~----------~----~----~----~------~----~------~--~---
