Security issues with .js file

cthaxter

Programmer
Aug 2, 2001
71
US
I'm wondering what experience people have with .js files and security issues. Is using .js files as opposed to leaving the script in the html files a good way to hide one's script?

I tried downloading someone else's .js file by looking at the source of the webpage, looking at the <script> tag, and typing the proper path into my address bar. It didn't seem to work. That gave me hope that .js files are hidden from the clients; but in searching through all the threads of this forum, I found only one thread that touched on this issue, and it seemed to indicate that clients COULD view .js files.

My first question is: to what extent are .js files safe from general users?

My second question is: what is the best way to hide client-side script from general users?

If server-side script is the best answer to this problem, then it'll have to do... but I'd like to know where client-side script security ends and server-side script security begins.

Thanks.

-Christopher
 
Viewing external js files or not depends on the settings of the browser.
NS does not allow viewing or downloading them, but IE does allow download, so you can view the source on your computer.
The trick to download a js file from NS is to have an html file which includes a link:
<a href=" it</a>
Look at that file in the browser and, instead of clicking the link, right-click and choose "Save link as"; it will save the wanted js on your hard drive.
Most users know similar tricks, so the included js is not secure.
 
Somebody sure doesn't seem to understand the "hide."

As far as I know, there are no security issues with loading an external script. You can even load scripts across domains.

You're probably doing something wrong when declaring your script tags.
Code:
<script type="text/javascript" src="myScript.js"></script>
<script type="text/javascript">
// Code in the webpage
</script>

The main problem that I've seen people run across while including an external script happens when they attempt to put code inside the <script> tag that includes the external file. If you include an external script, any code within the <script> tag will not be executed, while the code from the external script will be executed.
Code:
- UNIMENT
 
You could use obfuscating techniques such as scramblers (little programs that make your JS code smaller and change the names of all functions, like Jmyth).

However, I wouldn't count on JavaScript for security. It wasn't meant to be just that. If you want password protection or something similar, I recommend PHP or Java (PHP is easy to learn and implement almost anywhere; Java, although easy to learn, takes a bigger setup to run).

If you simply want to protect your code from copying, put a copyright notice and sue the pants off whoever copies your code. But in most cases JavaScript code is so darn simple that having a copyright on it is like trying to copyright the phrase "Did I do that?" as a trademark.

Microsoft did come out with a script encoding (supported by Internet Explorer only), but there exist all kinds of cracks to read those scripts, and it is thus not a viable solution for securing important information.

My rule of thumb: don't spend time hiding JS code. If code needs to be hidden, server-side code is better.

Gary Haran
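
The client/server split discussed in this thread, as an added example that is not part of any poster's reply: a password check shipped in a .js file stays readable even with renamed functions, while a check kept on the server never reaches the browser. The routes, file names and passwords are constructed for illustration, and the request handler is modelled as a plain function so it runs offline under Node.js.

```javascript
// Added example, not code from the thread. All names and values are constructed.
const crypto = require('node:crypto');

// Every entry here is sent verbatim to any client that requests the path;
// the src= attribute of the <script> tag tells a visitor which path to ask for.
const PUBLIC_FILES = new Map([
  // Insecure: check and secret both ship to the browser. "Scrambling" has
  // renamed the function and argument, but the string literal survives.
  ['/insecure.js', 'function a(b){return b==="letmein-2001";}'],
  // Safer: the script only forwards the input and holds no secret.
  ['/app.js', 'function login(pw){return fetch("/login",{method:"POST",body:pw});}'],
]);

// Server-side state. A real deployment stores only the salt and the hash;
// the literal appears here solely to build the sample data.
const SALT = crypto.randomBytes(16);
const PASSWORD_HASH = crypto.scryptSync('correct horse 2001', SALT, 32);

function checkPassword(candidate) {
  const hash = crypto.scryptSync(String(candidate), SALT, 32);
  return crypto.timingSafeEqual(hash, PASSWORD_HASH); // constant-time compare
}

// Minimal request handler: static files are public, the check stays here.
function handle(method, path, body = '') {
  if (method === 'GET' && PUBLIC_FILES.has(path)) {
    return { status: 200, body: PUBLIC_FILES.get(path) };
  }
  if (method === 'POST' && path === '/login') {
    return checkPassword(body)
      ? { status: 200, body: 'welcome' }
      : { status: 401, body: 'denied' };
  }
  return { status: 404, body: 'not found' };
}

// Audit helper: which public files expose a given secret in their source?
function secretsVisibleToClient(secret) {
  return [...PUBLIC_FILES.keys()].filter((p) => handle('GET', p).body.includes(secret));
}
```
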
 