Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Senior Coder
    Join Date
    Jun 2002
    Location
    Nashua, NH
    Posts
    1,724
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Protecting Scripts and Styles

    The following method should prevent users of client computer to access script and style code using the following techniques:
    - View (Page) Source - either through right-click, menu or shortcut key
    - Save As...
    - Temporary Internet Files Folder

    The suggested method uses server side scripting and is implemented using ASP.

    Your HTML file:
    Code:
    <html>
    <head>
    ...
    <script type="text/JavaScript">
    scriptsString='2,6,5';
    </script>
    <script type="text/JavaScript" src="ScriptLoader.js" ></script>
    ....
    ScriptLoader.js listing:
    Code:
    scripts=document.createElement('script');
    scripts.src='ScriptLoader.asp?Scripts=' + scriptsString;
    document.getElementsByTagName('head')[0].appendChild(scripts);
    Action is in ScriptLoader.asp
    Code:
    <%@ Language=VBScript EnableSessionState=False  %>
    <%Option Explicit%>
    <% Response.Buffer = True
       Response.Expires = 0    'Prevents caching of the content
    %>
    <%
    Dim strScripts
    Dim ipsp, iFNum
    Dim fso, file
    Dim strReferer
    Dim bRM = False
    
    Dim Scripts(13)
    Scripts(0) = "Script1.js"
    ...
    Scripts(13) = "Script13.js"   
    
    
        strReferer=Request.ServerVariables("HTTP_REFERER")
        'compare referer to the address of the page that uses the 
        'scripts and continue only if matches. This will allow access
        'only by your file 
    
        strScripts=Request.QueryString("Scripts")
        set fso = Server.Createobject("Scripting.FileSystemObject")
    
        While Len(strScripts) > 0
            ipsp = InStr(1,strScripts,",")
            If ipsp = 0 Then
                iFNum=CInt(strScripts)    
                strScripts=""
            Else    
                iFNum=CInt(Left(strScripts,ipsp-1))
                strScripts = Right(strScripts, Len(strScripts) - ipsp)
            End If
            set file = fso.opentextfile(Server.MapPath(Scripts(iFNum)), 1)     
            Response.Write(file.ReadAll)
            file.close
            set file = nothing
    
        Wend
        
        set fso = nothing
    
    %>
    Hope this will extinguish some of the code protection debates.
    If you see holes in the suggested approach let me know. It still does not protect from net traffic sniffers
    Vladdy | KL
    "Working web site is not the one that looks the same on common graphical browsers running on desktop computers, but the one that adequately delivers information regardless of device accessing it"

  • #2
    New to the CF scene
    Join Date
    Sep 2002
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    O.k..i've read through this page a few time and cos i'm good at this coding stuffs...can anyone tell me how to input all those codes on server side? How di go about doing it? On the HTML part is cleared that i need to paste the above mentioned codes. Please reply me if anyone knows..thanks.

  • #3
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,042
    Thanks
    0
    Thanked 250 Times in 246 Posts
    It has a syntax error in the line that says:

    Dim bRM = False

    In classic asp, you cannot declare variable with initial value.

    I tested the script but I think it does not work. (after correcting the syntax error)

    - the file is still cached on the client.
    - the content of js can still be viewed.

    The filename of the dynamic external script which is in asp (Scriptloader.asp) can be easily determined by viewing the content of ScriptLoader.js. If you got the filename, you can view its content by view-source: technique or even by just running that asp page with the correct querystring parameter.

    I think my version is more secure.
    I created it without knowing that Vladdy did it first.

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    Nashua, NH
    Posts
    1,724
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yes it does not.... and nothing does. I admit the above code was a brainfart....
    Vladdy | KL
    "Working web site is not the one that looks the same on common graphical browsers running on desktop computers, but the one that adequately delivers information regardless of device accessing it"


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •