Is it possible to hide the content of a JavaScript file stored in the server and included in the web page client side. If it is possible, I want to realize it. I saw one such thing but when I have tried, it didn't work.
Have a look at it on this web site i visited by accident.
You can change the file permissions so the read it but not view it. 
Adri If I good understand your question for this problem I am using indexing in cPanel (advanced options). All files what I don't want to display in front of anyone I am putting in one folder. Then lock this folder with indexing and no one cannot read it content of folder but I can use files from it.
Sonam
Is it possible on frihost?
I don't really what you want to have but i guess you can just put those files in a secure folder where you add authorization in order to access.
Ok, but if you can explain me clearly how set that permission for me to try and see if that resolve my problem.
| Quote: |
| Is it possible on frihost? |
I think yes because I have this option in my cPanel here on Frihost (Advanced -> Index Manager).
| Quote: |
| I don't really what you want to have but i guess you can just put those files in a secure folder where you add authorization in order to access. |
I don't know how this working with password protected folder. I am try this once but when I want to include file the server is waiting for username and password. Of course I am not competente about this part of question.
SonamYou can't do this. The browser needs to have the script obviously for it to work. If the browser can get the script, nothing can stop the user from viewing the script short of obfuscation, which I wouldn't recommend.
| Agent ME wrote: |
| You can't do this. The browser needs to have the script obviously for it to work. If the browser can get the script, nothing can stop the user from viewing the script short of obfuscation, which I wouldn't recommend. |
Agent ME are giving me another idea. Maybe you think about AJAX. AJAX (actually JavaScript in correlation with server) get all information from server and small peace of code display this results. Maybe is this what you need???
Sonam | Agent ME wrote: |
| You can't do this. The browser needs to have the script obviously for it to work. If the browser can get the script, nothing can stop the user from viewing the script short of obfuscation, which I wouldn't recommend. |
Logically you are right, that is why I tried to understand the source code of the wayfaring website.
There is a file there, named mint.js.php which content is empty when I want to display it. Normal because of its extension. But according to its name, I assume it is a JavaScript file. Try to find out if it is possible. I tried but it doesnt work!
What can be behind that mecanism? 
| pollux1er wrote: |
| Agent ME wrote: | | You can't do this. The browser needs to have the script obviously for it to work. If the browser can get the script, nothing can stop the user from viewing the script short of obfuscation, which I wouldn't recommend. |
Logically you are right, that is why I tried to understand the source code of the wayfaring website.
There is a file there, named mint.js.php which content is empty when I want to display it. Normal because of its extension. But according to its name, I assume it is a JavaScript file. Try to find out if it is possible. I tried but it doesnt work!
What can be behind that mecanism? |
I guess that the mint.js.php file is exactly a PHP program file. It might load the content of some secure JS file and out in text/javascript document type. But before outputting the content, it might check some required conditions so you can not see it if you view it in alone mode.
I am trying to execute that process and will post the codes when it successes.Ok! Thanks for the help. Hope you'll succed!
| phucngo wrote: |
| pollux1er wrote: | | Agent ME wrote: | | You can't do this. The browser needs to have the script obviously for it to work. If the browser can get the script, nothing can stop the user from viewing the script short of obfuscation, which I wouldn't recommend. |
Logically you are right, that is why I tried to understand the source code of the wayfaring website.
There is a file there, named mint.js.php which content is empty when I want to display it. Normal because of its extension. But according to its name, I assume it is a JavaScript file. Try to find out if it is possible. I tried but it doesnt work!
What can be behind that mecanism? |
I guess that the mint.js.php file is exactly a PHP program file. It might load the content of some secure JS file and out in text/javascript document type. But before outputting the content, it might check some required conditions so you can not see it if you view it in alone mode.
I am trying to execute that process and will post the codes when it successes. |
Its an empty file. Really@ pollux1er
Its impossible. And if you try make make such a mechanism, then i am sure either you will lose a great proportion of your site visiters (by not displaying contents at all), and/or your mechanism will be very very insecure and any person javing medium level knowledge of js will find a solution to see the code, and in that case, he will be more destructive.
So, try to do the secret processing at server side.
I can explain if you need info.
The second solution, if you relly need Java Script, but you want to execute only in specific situations, you can use PHP file, valid inputs (or whatever) and then echo JavaScript from PHP file. But in that case you don't need double extensions and JavaScript tags in head part of html before your validaton is not done.
Sonam
Here is my very simple test, but it can satisfy the requirements some cases:
In js/myscript.js.php file:
| Code: |
<?php
//start session processing
session_start();
//reject if the url path is inputted directly in address bar
$referer = $_SERVER['HTTP_REFERER'];
if (strlen($referer) == 0 ){
$_SESSION['FID'] = "";
header("Cache-Control: no-store, no-cache");
header( "Content-type: text/html;" );
exit;
}
//reject if the url path lacks of FID parameter
if (strlen($_GET['FID']) == 0 ){
$_SESSION['FID'] = "";
header("Cache-Control: no-store, no-cache");
header( "Content-type: text/html;" );
exit;
}
//reject if the FID data is not the same between session and inputted parameter
if ($_SESSION['FID'] != $_GET['FID']){
$_SESSION['FID'] = "";
header("Cache-Control: no-store, no-cache");
header( "Content-type: text/html;" );
exit;
}
//clear FID data in session container
$_SESSION['FID'] = "";
//output JS code in case checking is OK
$Template = <<<JSSCRIPT
var myScript = 0;
function myAlertBox(message)
{
alert(message);
}
JSSCRIPT;
header("Cache-Control: no-store, no-cache");
header( "Content-type: text/javascript;" );
echo $Template;
?>
|
In test.php file:
| Code: |
<?php
//start session processing
session_start();
//generate a random FID data
$_SESSION['FID'] = md5('hide_js'.date('Ymdhis'));
//output main html content
$content = <<<HTML
<html>
<head>
<title>Untitled 2</title>
<script src="js/myscript.js.php?FID={$_SESSION['FID']}" type="text/javascript"></script>
<script languge="javascript">
function openAlertBox(message) {
try{
myAlertBox(message);
}
catch(err){}
}
</script>
</head>
<body>
<h2>Demo of hiddening JS code</h2>
<input type='button' name='test' value='Click me' onclick="openAlertBox('My alert function');" />
</body>
</html>
HTML;
header( "Content-type: text/html;" );
echo $content;
?>
|
When running the url: http://localhost/test.php , then click on the button 'Click me', an alert box is shown with 'My alert message' message.
But when inputting directly the url: http://localhost/js/myscripts.js.php?FID=.... (view source test.php to copy/paste the FID) , the browser and view-source form showed a blank screen. I also tried to download the content of myscript.js.php file by Gigabyte and FlashGet tools, the results were the same. They returned blank files.
The code is still blabla, but it is the main process I am investigating and improving. Any your comment is welcomed. 
| Code: |
//reject if the url path is inputted directly in address bar
$referer = $_SERVER['HTTP_REFERER'];
if (strlen($referer) == 0 ){
$_SESSION['FID'] = "";
header("Cache-Control: no-store, no-cache");
header( "Content-type: text/html;" );
exit;
}
|
This is not going to work always. Some browsers allow disabling referrer logging.
| Code: |
//reject if the url path lacks of FID parameter
if (strlen($_GET['FID']) == 0 ){
$_SESSION['FID'] = "";
header("Cache-Control: no-store, no-cache");
header( "Content-type: text/html;" );
exit;
} |
This is useless. If you remove it, the program will still work smoothly because the next test of comparison between the _GET and _SESSION will so this automatically.
| Code: |
| <script src="js/myscript.js.php?FID={$_SESSION['FID']}" type="text/javascript"></script> |
Masterpiece. Never thought that the combinition of GET and SESSION can be used in this way.
This is a nice try to hide a js file but i dont think that it will work at all (although the code works perfectly as intended).
There are some other problems associated:
1. What if the referer logging is disabled by the user? A part of the code will stop working.
2. That if the user just clicks 'File' in the IE window and saves the webpage? It will automatically save all the files that are associated with the current webpage (including js, css, imgs ).
3. The major problem is that the person trying to look at your js will definitely not be a stupid front end user.To: imagefree
Many thanks for your reviewing. Originally, I admitted the code is still blabla.
I have some comments inline.
1. What if the referer logging is disabled by the user? A part of the code will stop working.
--> I heard some browsers allow to do that, but I can not do on IE7.0 and Firefox3.0. Anyway, user still can not see the JS code behind.
2. That if the user just clicks 'File' in the IE window and saves the webpage? It will automatically save all the files that are associated with the current webpage (including js, css, imgs ).
--> Yes, you're right. I can download JS code by File->Save as... command in FireFox 
, not in IE as you commented. I am attempting to find the way to prevent it.
3. The major problem is that the person trying to look at your js will definitely not be a stupid front end user.
--> Do you know the way to see JS source code of mint.js.php file which wayfaring did if you are not a stupid front end user | imagefree wrote: |
| Its an empty file. Really |
I don't think it's a empty file. wayfaring website is professional. I don't believe they attached an usefulness file on their pages.
| phucngo wrote: |
| I don't think it's a empty file. wayfaring website is professional. I don't believe they attached an usefulness file on their pages. |
I thonk you are right, wayfaring is really a professioal website. Me too i have tried n the past to see the content of that mint.js.php file without suceeding. But do you think there is no issue? To see the content of that file?
I'm interested in the connection through the lightbox, the ajax request send behind!
How can I do it? Whe you click on Log In. | pollux1er wrote: |
I'm interested in the connection through the lightbox, the ajax request send behind!
How can I do it? When you click on Log In. |
You can do yourself by handling JS XMLHTTPRequest object to call remote public functions from a server.
However, you can use a small but effective toolkit, Sajax written by PHP scripts, which helps you perform login requirement as you mentioned.
Download Sajax via http://www.modernmethod.com/sajax/
| modernmethod.com wrote: |
Sajax (Simple Ajax Toolkit) is an open source tool to make programming websites using the Ajax framework — also known as XMLHTTPRequest or remote scripting — as easy as possible. Sajax makes it easy to call PHP, Perl or Python functions from your webpages via JavaScript without performing a browser refresh. The toolkit does 99% of the work for you so you have no excuse to not use it.
|
An upgraded version of the Sajax library (the upgrade supports complex javascript objects) is available as part of the open source toolkit at http://projektorange.com/
A sample of login function used Sajax at http://php.devquickref.com/php-simple-asynchronous-javascript-XML-AJAX-example-Sajax-remote-scripting.html
