Vladdy
09-05-2002, 08:35 AM
The following method should prevent users of client computer to access script and style code using the following techniques:
- View (Page) Source - either through right-click, menu or shortcut key
- Save As...
- Temporary Internet Files Folder
The suggested method uses server side scripting and is implemented using ASP.
Your HTML file:
<html>
<head>
...
<script type="text/JavaScript">
scriptsString='2,6,5';
</script>
<script type="text/JavaScript" src="ScriptLoader.js" ></script>
....
ScriptLoader.js listing:
scripts=document.createElement('script');
scripts.src='ScriptLoader.asp?Scripts=' + scriptsString;
document.getElementsByTagName('head')[0].appendChild(scripts);
Action is in ScriptLoader.asp
<%@ Language=VBScript EnableSessionState=False %>
<%Option Explicit%>
<% Response.Buffer = True
Response.Expires = 0 'Prevents caching of the content
%>
<%
Dim strScripts
Dim ipsp, iFNum
Dim fso, file
Dim strReferer
Dim bRM = False
Dim Scripts(13)
Scripts(0) = "Script1.js"
...
Scripts(13) = "Script13.js"
strReferer=Request.ServerVariables("HTTP_REFERER")
'compare referer to the address of the page that uses the
'scripts and continue only if matches. This will allow access
'only by your file
strScripts=Request.QueryString("Scripts")
set fso = Server.Createobject("Scripting.FileSystemObject")
While Len(strScripts) > 0
ipsp = InStr(1,strScripts,",")
If ipsp = 0 Then
iFNum=CInt(strScripts)
strScripts=""
Else
iFNum=CInt(Left(strScripts,ipsp-1))
strScripts = Right(strScripts, Len(strScripts) - ipsp)
End If
set file = fso.opentextfile(Server.MapPath(Scripts(iFNum)), 1)
Response.Write(file.ReadAll)
file.close
set file = nothing
Wend
set fso = nothing
%>
Hope this will extinguish some of the code protection debates.
If you see holes in the suggested approach let me know. It still does not protect from net traffic sniffers
- View (Page) Source - either through right-click, menu or shortcut key
- Save As...
- Temporary Internet Files Folder
The suggested method uses server side scripting and is implemented using ASP.
Your HTML file:
<html>
<head>
...
<script type="text/JavaScript">
scriptsString='2,6,5';
</script>
<script type="text/JavaScript" src="ScriptLoader.js" ></script>
....
ScriptLoader.js listing:
scripts=document.createElement('script');
scripts.src='ScriptLoader.asp?Scripts=' + scriptsString;
document.getElementsByTagName('head')[0].appendChild(scripts);
Action is in ScriptLoader.asp
<%@ Language=VBScript EnableSessionState=False %>
<%Option Explicit%>
<% Response.Buffer = True
Response.Expires = 0 'Prevents caching of the content
%>
<%
Dim strScripts
Dim ipsp, iFNum
Dim fso, file
Dim strReferer
Dim bRM = False
Dim Scripts(13)
Scripts(0) = "Script1.js"
...
Scripts(13) = "Script13.js"
strReferer=Request.ServerVariables("HTTP_REFERER")
'compare referer to the address of the page that uses the
'scripts and continue only if matches. This will allow access
'only by your file
strScripts=Request.QueryString("Scripts")
set fso = Server.Createobject("Scripting.FileSystemObject")
While Len(strScripts) > 0
ipsp = InStr(1,strScripts,",")
If ipsp = 0 Then
iFNum=CInt(strScripts)
strScripts=""
Else
iFNum=CInt(Left(strScripts,ipsp-1))
strScripts = Right(strScripts, Len(strScripts) - ipsp)
End If
set file = fso.opentextfile(Server.MapPath(Scripts(iFNum)), 1)
Response.Write(file.ReadAll)
file.close
set file = nothing
Wend
set fso = nothing
%>
Hope this will extinguish some of the code protection debates.
If you see holes in the suggested approach let me know. It still does not protect from net traffic sniffers