受密码保护的文件夹中的JavaScript? [英] JavaScript in Password Protected Folder?
问题描述
大家好,
我试图隐藏我的JavaScript源代码。我选择的方法是
将所有重要源保存在受密码保护的文件夹中,然后
使用SRC =" folder / script.js"把它包含在我的代码中。这样,
脚本将运行,但用户将无法查看包含的
代码。或者我认为:)。
我尝试过这种方法,它似乎有效。但是,我想
知道你是否能看到任何问题。例如,你可以想想一种绕过这个并获得script.js的方法吗?您是否可以预见
由于保留脚本而导致的任何问题
密码保护文件夹?还有其他任何安全问题吗?
提前致谢。
< xm **** @ yahoo.com>在消息中写道
news:4a ************************** @ posting.google.c om ...我试图隐藏我的JavaScript源代码。
为什么?
我选择的方法是将所有重要来源保存在受密码保护的文件夹中,然后使用SRC =" ; folder / script.js"
将其包含在我的代码中。这样,脚本就会运行,但是用户将无法查看包含的代码。
或者我认为:)。
你错了。
我尝试过这种方法,似乎有效。
任何了解javascript以便能够做任何事情的人
对源有用可能会知道几种查看方式
来源一旦他们有权访问导入它的页面。
但是,我想知道你是否能看到任何问题
。例如,你能想出绕过这个并获得script.js的方法吗?你能预见到由于将脚本保存在受密码保护的文件夹后会出现的任何问题吗?还有其他安全问题吗?
它不会起作用。您可以限制对该页面的访问,但是一旦有人有权访问,他们就可以阅读源代码,因为您将向他们发送源代码。
br $>
Richard。
xm **** @ yahoo。 com 写道:
我试图隐藏我的JavaScript源代码。我选择的方法是将所有重要源保存在受密码保护的文件夹中,然后使用SRC =" folder / script.js"把它包含在我的代码中。这样,
脚本将运行,但用户将无法查看包含的代码。或者我认为:)。
如果客户的浏览器可以在没有
登录的情况下加载脚本,我会感到惊讶,如果是这样的话这是你的网络服务器中的安全漏洞。另外
这将*永远*隐藏你的脚本,一旦浏览器加载它们
它们在缓存中可用(读取:在某处的磁盘上)或只需在浏览器中查看它们即可获得
。这是不可能隐藏JavaScript
源代码。
干杯,
Guido
xm****@yahoo.com 写道:< blockquote class =post_quotes>大家好,
我试图隐藏我的JavaScript源代码。我选择的方法是将所有重要源保存在受密码保护的文件夹中,然后使用SRC =" folder / script.js"把它包含在我的代码中。这样,
脚本将运行,但用户将无法查看包含的代码。或者我认为:)。
我尝试过这种方法,它似乎有效。但是,我想知道你是否能看到任何问题。例如,你能想到绕过这个并获得script.js的方法吗?你能预见到由于将脚本保存在受密码保护的文件夹后会出现的任何问题吗?还有其他安全问题吗?
在IE中打开您的页面。
文件>另存为并保存。
Theres .js文件,在一个文件夹中。
-
Randy
机会有利于准备好的心灵
comp.lang.javascript常见问题 - http://jibbering.com/faq/
Hi All,
I am trying to hide my JavaScript source. The method I chose was to
keep all the important source in a password protected folder, and then
use a SRC="folder/script.js" to include it in my code. This way, the
script will run, but the user will be unable to view the included
code. Or so I think :).
I have tried this method, and it seems to work. However, I would like
to know if you can see any problems with this. For instance, can you
think of a way to bypass this and get at script.js? Can you foresee
any problems that would arise as a result of keeping scripts behind
password protected folders? Any other security concerns?
Thanks in advance.
<xm****@yahoo.com> wrote in message
news:4a**************************@posting.google.c om...I am trying to hide my JavaScript source.
Why?
The method I chose was to keep all the important source in
a password protected folder, and then use a SRC="folder/script.js"
to include it in my code. This way, the script will run, but
the user will be unable to view the included code.
Or so I think :).
You are wrong.
I have tried this method, and it seems to work.
Anyone who knows enough about javascript to be able to do anything
useful with the source will probably know several ways of viewing the
source once they have access to the page that imports it.
However, I would like to know if you can see any problems
with this. For instance, can you think of a way to bypass
this and get at script.js? Can you foresee any problems
that would arise as a result of keeping scripts behind
password protected folders? Any other security concerns?
It isn''t going to work. You can restrict access to the page but once
someone has access they can read the source code, because you will be
sending them the source code.
Richard.
xm****@yahoo.com wrote:
I am trying to hide my JavaScript source. The method I chose was to
keep all the important source in a password protected folder, and then
use a SRC="folder/script.js" to include it in my code. This way, the
script will run, but the user will be unable to view the included
code. Or so I think :).
It would surprise me if a client''s browser can load the script without
having to log in, if so that''s a security bug in your webserver. Also
this will *never* hide your scripts, as soon as the browser loads them
they''re available either in the cache (read: on disk somewhere) or just
by viewing them in your browser. It''s not possible to hide JavaScript
source code.
Cheers,
Guido
xm****@yahoo.com wrote:Hi All,
I am trying to hide my JavaScript source. The method I chose was to
keep all the important source in a password protected folder, and then
use a SRC="folder/script.js" to include it in my code. This way, the
script will run, but the user will be unable to view the included
code. Or so I think :).
I have tried this method, and it seems to work. However, I would like
to know if you can see any problems with this. For instance, can you
think of a way to bypass this and get at script.js? Can you foresee
any problems that would arise as a result of keeping scripts behind
password protected folders? Any other security concerns?
Open your page in IE.
File>Save As and save it.
Theres the .js file, in a folder all of its own.
--
Randy
Chance Favors The Prepared Mind
comp.lang.javascript FAQ - http://jibbering.com/faq/
这篇关于受密码保护的文件夹中的JavaScript?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
