Re: Hiding Javascript Source
http://www.becomenew.com/jsGuard/myJavascript.cfm?id=E7D097E6-651B-4416-B7F9 03BEC53C52E1 - Original Message - From: "Brad Roberts" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 4:32 AM Subject: RE: Hiding Javascript Source > See what you guys think... any comments appreciated. > > http://www.becomenew.com/jsGuard/ > > -Brad > > > -Original Message- > > From: Peter Harrison [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 3:26 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > Yes, Brad, I'd like to see your hiding technique please. > > > > Of course, we know it's just reversable obfuscation or making it > > a _little_ > > more work to find. > > > > Also, have you seen this: > > http://www.jimworld.com/tools/javascript-encrypt/ > > > > It obfuscates the JavaScript code, but the trick to decrypting > > the whole lot > > is the document.write at the end of the code that is generated. If you can > > "document.write" it, you can also output it so you can copy it. > > Fun fun fun. > > > > - Peter > > > > -Original Message- > > From: Kwang Suh [mailto:[EMAIL PROTECTED] > > Sent: 30 July 2003 06:36 > > To: CF-Talk > > Subject: Re: Hiding Javascript Source > > > > > > If it's on my computer, I can get at it. > > > > - Original Message - > > From: "Brad Roberts" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Tuesday, July 29, 2003 8:04 PM > > Subject: SOT: Hiding Javascript Source > > > > > > > I think I've found a way to hide Javascript source. Has anyone > > done this > > > yet? I'll post an example if anyone is interested. > > > > > > -Brad > > > > > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
Charlie,
> a friend of mine put this together. i've not been able to crack it.
>
> since the discussion at hand is hiding source code (which, for the record,
> i'm against...just not worth the effort to hide my javascript), I figured
> some might enjoy it.
>
> http://www.lol.dk/quest/default.asp?id=556872444
>
Using IE6:
//Almost got me there :), here is a hint try using a nother browser then
internet explorer.
[a bunch of carriage returns]
// just kidding its here and all :)
// -
// Anyway good work.
// im correntley working on a real hacker test but you will have to check
back in a month or so to find that :)
alert("heh try grapping this js code ;) heh and the text along width
it");
While this was a bit harder than a lot of hack tests I've seen, the bottom
line is you have to send it to the client in order for it to be executed. If
the client receives it, you can capture it.
- Dan
...
: Name: Dan G. Switzer, II:
: E-mail: [EMAIL PROTECTED] :
: Blog: http://blog.pengoworks.com/ :
:...:
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community.
http://www.fusionauthority.com/ads.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
One doesn't really need to sniff or craft the headers: this worked fine wget.exe -r -l 1 http://www.becomenew.com/jsGuard/ (doesn't matter if there is anything preventing caching or not) - Hugo Ahlenius E-Mail: [EMAIL PROTECTED] Project OfficerPhone:+46 8 230460 UNEP GRID-Arendal Fax: +46 8 230441 Stockholm Office Mobile: +46 733 467111 WWW: http://www.grida.no - | -Original Message- | From: Peter Harrison [mailto:[EMAIL PROTECTED] | Sent: Wednesday, July 30, 2003 14:25 | To: CF-Talk | Subject: RE: Hiding Javascript Source | | | True. | | A quick sniff and wget with crafted headers will take care of | anything. | | - Peter | | -Original Message- | From: Neil Middleton [mailto:[EMAIL PROTECTED] | Sent: 30 July 2003 13:15 | To: CF-Talk | Subject: RE: Hiding Javascript Source | | | By the fact that the user has to download the script to their | own machine | there is absolutly nothing you can do to prevent a user from | stealing the | code. | | Neil | | | > Isn't javascript cached locally, so if I really wanted the | > source, I could | > find it in my cache? | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hiding Javascript Source
a friend of mine put this together. i've not been able to crack it. since the discussion at hand is hiding source code (which, for the record, i'm against...just not worth the effort to hide my javascript), I figured some might enjoy it. http://www.lol.dk/quest/default.asp?id=556872444 charlie - Original Message - From: "Brad Roberts" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 5:09 AM Subject: RE: Hiding Javascript Source > Yeap! There's the loophole. Is there a sure-fire way of preventing the > browser from caching the page? > > -Brad > > > -Original Message- > > From: Tim Blair [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 8:06 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > > Is that UUID supposed to expire after one request? > > > > Looks like it does, but that doesn't take into account the browser's > > cached version: > > > > - > > //Presentational Slideshow Script- By Dynamic Drive > > //For full source code and more DHTML scripts, visit > > http://www.dynamicdrive.com > > //This credit MUST stay intact for legal use > > > > var slideshow_width='100px' //SET SLIDESHOW WIDTH (set to largest > > image's width if multiple dimensions exist) > > var slideshow_height='100px' //SET SLIDESHOW HEIGHT (set to largest > > image's height if multiple dimensions exist) > > var pause=3000 //SET PAUSE BETWEEN SLIDE (2000=2 seconds) > > var slidebgcolor="white" > > - > > > > Etc... > > > > Nice idea though... :) > > > > Tim. > > > > > > --- > > RAWNET LTD - Internet, New Media and ebusiness Gurus. > > Visit our new website at http://www.rawnet.com for > > more information about our company, or call us free > > anytime on 0800 294 24 24. > > --- > > Tim Blair > > Web Application Engineer, Rawnet Limited > > Direct Phone : +44 (0) 1344 393 441 > > Switchboard : +44 (0) 1344 393 040 > > --- > > This message may contain information which is legally > > privileged and/or confidential. If you are not the > > intended recipient, you are hereby notified that any > > unauthorised disclosure, copying, distribution or use > > of this information is strictly prohibited. Such > > notification notwithstanding, any comments, opinions, > > information or conclusions expressed in this message > > are those of the originator, not of rawnet limited, > > unless otherwise explicitly and independently indicated > > by an authorised representative of rawnet limited. > > --- > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Here's An Example: WAS [Hiding Javascript Source]
You can also open any JS debugger and view the code... -Dan > -Original Message- > From: Philip Arnold [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 8:09 AM > To: CF-Talk > Subject: RE: Here's An Example: WAS [Hiding Javascript Source] > > > Just wanted to change the subject so you wouldn't think it's > > another "you can't do it" message. > > > > http://www.becomenew.com/jsGuard/ > > If you set your "Check for newer versions of stored pages" to "Never", > then you can view it > > It's stored in cache, so it won't try to re-get the page > > Nice idea though > > Although you could always do something incredibly similar just using > CGI.HTTP_REFERER rather than putting the UUID on the URL > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Here's An Example: WAS [Hiding Javascript Source]
Doug White wrote: > Anyone ever consider doing it al server-side - using CFScript and NOCACHE? How do you intent to hide javascript server-side? It has to be sent to the client to be executed. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Here's An Example: WAS [Hiding Javascript Source]
agreed. - Original Message - From: "Jochem van Dieten" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 9:02 AM Subject: Re: Here's An Example: WAS [Hiding Javascript Source] > Michael T. Tangorre wrote: > > > > thats a lot of work to hide JS. > > I think the amount of work really isn't that bad. For instance, > if we take XOR encryption (not really very strong) and use Google > we quickly find sourcecode in Javascript: > http://www.eng.uwaterloo.ca/~ejones/software/xorcrypt12.js > I am sure that there is java/C code available as well, and if not > there is always the option of rewriting that javascript in cfscript. > > But even though I don't think it is that much work, if people are > serious about getting your scripts, there is no way to stop them. > > Jochem > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Here's An Example: WAS [Hiding Javascript Source]
Anyone ever consider doing it al server-side - using CFScript and NOCACHE? == Stop spam on your domain, use our gateway! For hosting solutions http://www.clickdoug.com ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772 == If you are not satisfied with my service, my job isn't done! - Original Message - From: "Michael T. Tangorre" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 7:43 AM Subject: Re: Here's An Example: WAS [Hiding Javascript Source] | wow | | thats a lot of work to hide JS. | | Brad.. what is in your JS that you want to hide it that bad? | | | | - Original Message - | From: "Jochem van Dieten" <[EMAIL PROTECTED]> | To: "CF-Talk" <[EMAIL PROTECTED]> | Sent: Wednesday, July 30, 2003 8:41 AM | Subject: Re: Here's An Example: WAS [Hiding Javascript Source] | | | > Brad Roberts wrote: | > | > > The problem lies in the browser caching the page... anyway to get around | > > that? | > > | > > You really can't rely on http_referrer... Here's what I'm doing (in a | > > nutshell). | > > | > > Caller page: | > > - | > > | > > | > >
Re: Here's An Example: WAS [Hiding Javascript Source]
Michael T. Tangorre wrote: > > thats a lot of work to hide JS. I think the amount of work really isn't that bad. For instance, if we take XOR encryption (not really very strong) and use Google we quickly find sourcecode in Javascript: http://www.eng.uwaterloo.ca/~ejones/software/xorcrypt12.js I am sure that there is java/C code available as well, and if not there is always the option of rewriting that javascript in cfscript. But even though I don't think it is that much work, if people are serious about getting your scripts, there is no way to stop them. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Here's An Example: WAS [Hiding Javascript Source]
wow thats a lot of work to hide JS. Brad.. what is in your JS that you want to hide it that bad? - Original Message - From: "Jochem van Dieten" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 8:41 AM Subject: Re: Here's An Example: WAS [Hiding Javascript Source] > Brad Roberts wrote: > > > The problem lies in the browser caching the page... anyway to get around > > that? > > > > You really can't rely on http_referrer... Here's what I'm doing (in a > > nutshell). > > > > Caller page: > > - > > > > > >
Re: Here's An Example: WAS [Hiding Javascript Source]
Brad Roberts wrote: > The problem lies in the browser caching the page... anyway to get around > that? > > You really can't rely on http_referrer... Here's what I'm doing (in a > nutshell). > > Caller page: > - > > >
RE: Hiding Javascript Source
LOL... yeah, kindof like making your server hacker proof, unplug it!
Thanks for all the tips... it seemed like a good thought when I thought of
it... and don't ask where I was when I thought of it :)
\ \.
|`\_\
|` ||
__--__ | ||
(~< >~>_| ||
{~~---~~: \ ||
!~~--~~/`+/
\ \___ /
>--\ \ <
<_> - (scopie.com/asciiart)
-Brad
> -Original Message-
> From: Philip Arnold [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 30, 2003 8:28 AM
> To: CF-Talk
> Subject: RE: Hiding Javascript Source
>
>
> > Yeap! There's the loophole. Is there a sure-fire way of
> > preventing the browser from caching the page?
>
> Don't put it on the Internet
>
>
>
>
>
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community.
http://www.fusionauthority.com/ads.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Here's An Example: WAS [Hiding Javascript Source]
> What does this one do to hide it? I think I missed the > feature by mistake. Your browser was cacheing it Set your browser to Never cache pages and it works... Pity that most people won't have their browsers set to "Never" ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
You're right! It was worth a try... it's still better than the "no right click" deal. :) -Brad > -Original Message- > From: Neil Middleton [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 8:15 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > By the fact that the user has to download the script to their own machine > there is absolutly nothing you can do to prevent a user from stealing the > code. > > Neil > > > > Isn't javascript cached locally, so if I really wanted the > > source, I could > > find it in my cache? > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
> Yeap! There's the loophole. Is there a sure-fire way of > preventing the browser from caching the page? Don't put it on the Internet ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
True. A quick sniff and wget with crafted headers will take care of anything. - Peter -Original Message- From: Neil Middleton [mailto:[EMAIL PROTECTED] Sent: 30 July 2003 13:15 To: CF-Talk Subject: RE: Hiding Javascript Source By the fact that the user has to download the script to their own machine there is absolutly nothing you can do to prevent a user from stealing the code. Neil > Isn't javascript cached locally, so if I really wanted the > source, I could > find it in my cache? ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Here's An Example: WAS [Hiding Javascript Source]
The problem lies in the browser caching the page... anyway to get around that? You really can't rely on http_referrer... Here's what I'm doing (in a nutshell). Caller page: -
RE: Here's An Example: WAS [Hiding Javascript Source]
Well... if there's no way of preventing the browser from caching the page, then I guess it's definitely not fool proof. But heck, it sure beats the "no right click" method! -Brad > -Original Message- > From: Jochem van Dieten [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 8:16 AM > To: CF-Talk > Subject: Re: Here's An Example: WAS [Hiding Javascript Source] > > > Brad Roberts wrote: > > Just wanted to change the subject so you wouldn't think it's > another "you > > can't do it" message. > > > > http://www.becomenew.com/jsGuard/ > > Doesn't work. In FireBird, I changed the URL in the address bar > to view-source:http://www.becomenew.com/jsGuard/ which tells me > the name of the javascript. Then I changed the URL to > view-source:http://www.becomenew.com/jsGuard/myJavascript.cfm?id=B > DF0DC85-D050-44E1-9DB853D98FB28E81 > and I get the source of the javascript file. > > The mechanism is very easy and spells doom for all your attempts: > the source is grabbed from browser cache, not from the server. > > Jochem > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Here's An Example: WAS [Hiding Javascript Source]
Brad Roberts wrote: > Just wanted to change the subject so you wouldn't think it's another "you > can't do it" message. > > http://www.becomenew.com/jsGuard/ Doesn't work. In FireBird, I changed the URL in the address bar to view-source:http://www.becomenew.com/jsGuard/ which tells me the name of the javascript. Then I changed the URL to view-source:http://www.becomenew.com/jsGuard/myJavascript.cfm?id=BDF0DC85-D050-44E1-9DB853D98FB28E81 and I get the source of the javascript file. The mechanism is very easy and spells doom for all your attempts: the source is grabbed from browser cache, not from the server. Jochem ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Here's An Example: WAS [Hiding Javascript Source]
I downloaded the script with no problem, as follows: 1. Viewed the URL for your jsguard example. 2. Right click in page, choose View Source. 3. Copied the JS file into clipboard, i.e.: myJavascript.cfm?id=1BE8AD56-8DC2-4255-8AB5F51A580DD683 4. Paste clipboard to end of current URL, i.e. http://www.becomenew.com/jsGuard/myJavascript.cfm?id=1BE8AD56-8DC2-4255-8AB5 F51A580DD683 5. Press Enter 6. View source - reveals all source code. What does this one do to hide it? I think I missed the feature by mistake. - Peter -Original Message- From: Brad Roberts [mailto:[EMAIL PROTECTED] Sent: 30 July 2003 12:54 To: CF-Talk Subject: RE: Here's An Example: WAS [Hiding Javascript Source] Just wanted to change the subject so you wouldn't think it's another "you can't do it" message. http://www.becomenew.com/jsGuard/ -Brad > -Original Message- > From: Brad Roberts [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 7:32 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > See what you guys think... any comments appreciated. > > http://www.becomenew.com/jsGuard/ > > -Brad > > > -Original Message- > > From: Peter Harrison [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 3:26 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > Yes, Brad, I'd like to see your hiding technique please. > > > > Of course, we know it's just reversable obfuscation or making it > > a _little_ > > more work to find. > > > > Also, have you seen this: > > http://www.jimworld.com/tools/javascript-encrypt/ > > > > It obfuscates the JavaScript code, but the trick to decrypting > > the whole lot > > is the document.write at the end of the code that is generated. > If you can > > "document.write" it, you can also output it so you can copy it. > > Fun fun fun. > > > > - Peter > > > > -Original Message- > > From: Kwang Suh [mailto:[EMAIL PROTECTED] > > Sent: 30 July 2003 06:36 > > To: CF-Talk > > Subject: Re: Hiding Javascript Source > > > > > > If it's on my computer, I can get at it. > > > > - Original Message - > > From: "Brad Roberts" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Tuesday, July 29, 2003 8:04 PM > > Subject: SOT: Hiding Javascript Source > > > > > > > I think I've found a way to hide Javascript source. Has anyone > > done this > > > yet? I'll post an example if anyone is interested. > > > > > > -Brad > > > > > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
Again, is there a way to prevent the cached file? -Brad > -Original Message- > From: Mike Townend [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 8:14 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > Copy of the file sitting in my Temporary Internet Files dir ;) > > > > -Original Message- > From: Brad Roberts [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 12:32 > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > See what you guys think... any comments appreciated. > > http://www.becomenew.com/jsGuard/ > > -Brad > > > -Original Message- > > From: Peter Harrison [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 3:26 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > Yes, Brad, I'd like to see your hiding technique please. > > > > Of course, we know it's just reversable obfuscation or making it a > > _little_ more work to find. > > > > Also, have you seen this: > > http://www.jimworld.com/tools/javascript-encrypt/ > > > > It obfuscates the JavaScript code, but the trick to decrypting the > > whole lot is the document.write at the end of the code that is > > generated. If you can "document.write" it, you can also output it so > > you can copy it. Fun fun fun. > > > > - Peter > > > > -Original Message- > > From: Kwang Suh [mailto:[EMAIL PROTECTED] > > Sent: 30 July 2003 06:36 > > To: CF-Talk > > Subject: Re: Hiding Javascript Source > > > > > > If it's on my computer, I can get at it. > > > > - Original Message - > > From: "Brad Roberts" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Tuesday, July 29, 2003 8:04 PM > > Subject: SOT: Hiding Javascript Source > > > > > > > I think I've found a way to hide Javascript source. Has anyone > > done this > > > yet? I'll post an example if anyone is interested. > > > > > > -Brad > > > > > > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
By the fact that the user has to download the script to their own machine there is absolutly nothing you can do to prevent a user from stealing the code. Neil > Isn't javascript cached locally, so if I really wanted the > source, I could > find it in my cache? ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
Copy of the file sitting in my Temporary Internet Files dir ;) -Original Message- From: Brad Roberts [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 12:32 To: CF-Talk Subject: RE: Hiding Javascript Source See what you guys think... any comments appreciated. http://www.becomenew.com/jsGuard/ -Brad > -Original Message- > From: Peter Harrison [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 3:26 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > Yes, Brad, I'd like to see your hiding technique please. > > Of course, we know it's just reversable obfuscation or making it a > _little_ more work to find. > > Also, have you seen this: > http://www.jimworld.com/tools/javascript-encrypt/ > > It obfuscates the JavaScript code, but the trick to decrypting the > whole lot is the document.write at the end of the code that is > generated. If you can "document.write" it, you can also output it so > you can copy it. Fun fun fun. > > - Peter > > -Original Message- > From: Kwang Suh [mailto:[EMAIL PROTECTED] > Sent: 30 July 2003 06:36 > To: CF-Talk > Subject: Re: Hiding Javascript Source > > > If it's on my computer, I can get at it. > > - Original Message - > From: "Brad Roberts" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Tuesday, July 29, 2003 8:04 PM > Subject: SOT: Hiding Javascript Source > > > > I think I've found a way to hide Javascript source. Has anyone > done this > > yet? I'll post an example if anyone is interested. > > > > -Brad > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hiding Javascript Source
you can not hide it. - Original Message - From: "Brad Roberts" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 8:05 AM Subject: RE: Hiding Javascript Source > I think your browser may have cached it... hmmm... I'll add some code to > prevent the page from being cached. May not fully solve the problem, > however > > -Brad > > > -Original Message- > > From: Ryan Emerle [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 8:00 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > Erm.. i just did a view source and copied the JS src URL to the > > browser and the JS was displayed. > > > > After i hit refresh on that page, though, it said "Trying to > > steal my javascript source?" > > > > Is that UUID supposed to expire after one request? > > > > -Ryan > > > > -----Original Message- > > From: Brad Roberts [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 7:32 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > See what you guys think... any comments appreciated. > > > > http://www.becomenew.com/jsGuard/ > > > > -Brad > > > > > -Original Message- > > > From: Peter Harrison [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, July 30, 2003 3:26 AM > > > To: CF-Talk > > > Subject: RE: Hiding Javascript Source > > > > > > > > > Yes, Brad, I'd like to see your hiding technique please. > > > > > > Of course, we know it's just reversable obfuscation or making it > > > a _little_ > > > more work to find. > > > > > > Also, have you seen this: > > > http://www.jimworld.com/tools/javascript-encrypt/ > > > > > > It obfuscates the JavaScript code, but the trick to decrypting > > > the whole lot > > > is the document.write at the end of the code that is generated. > > If you can > > > "document.write" it, you can also output it so you can copy it. > > > Fun fun fun. > > > > > > - Peter > > > > > > -Original Message- > > > From: Kwang Suh [mailto:[EMAIL PROTECTED] > > > Sent: 30 July 2003 06:36 > > > To: CF-Talk > > > Subject: Re: Hiding Javascript Source > > > > > > > > > If it's on my computer, I can get at it. > > > > > > - Original Message - > > > From: "Brad Roberts" <[EMAIL PROTECTED]> > > > To: "CF-Talk" <[EMAIL PROTECTED]> > > > Sent: Tuesday, July 29, 2003 8:04 PM > > > Subject: SOT: Hiding Javascript Source > > > > > > > > > > I think I've found a way to hide Javascript source. Has anyone > > > done this > > > > yet? I'll post an example if anyone is interested. > > > > > > > > -Brad > > > > > > > > > > > > > > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
Yeap! There's the loophole. Is there a sure-fire way of preventing the browser from caching the page? -Brad > -Original Message- > From: Tim Blair [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 8:06 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > > Is that UUID supposed to expire after one request? > > Looks like it does, but that doesn't take into account the browser's > cached version: > > - > //Presentational Slideshow Script- By Dynamic Drive > //For full source code and more DHTML scripts, visit > http://www.dynamicdrive.com > //This credit MUST stay intact for legal use > > var slideshow_width='100px' //SET SLIDESHOW WIDTH (set to largest > image's width if multiple dimensions exist) > var slideshow_height='100px' //SET SLIDESHOW HEIGHT (set to largest > image's height if multiple dimensions exist) > var pause=3000 //SET PAUSE BETWEEN SLIDE (2000=2 seconds) > var slidebgcolor="white" > - > > Etc... > > Nice idea though... :) > > Tim. > > > --- > RAWNET LTD - Internet, New Media and ebusiness Gurus. > Visit our new website at http://www.rawnet.com for > more information about our company, or call us free > anytime on 0800 294 24 24. > --- > Tim Blair > Web Application Engineer, Rawnet Limited > Direct Phone : +44 (0) 1344 393 441 > Switchboard : +44 (0) 1344 393 040 > --- > This message may contain information which is legally > privileged and/or confidential. If you are not the > intended recipient, you are hereby notified that any > unauthorised disclosure, copying, distribution or use > of this information is strictly prohibited. Such > notification notwithstanding, any comments, opinions, > information or conclusions expressed in this message > are those of the originator, not of rawnet limited, > unless otherwise explicitly and independently indicated > by an authorised representative of rawnet limited. > --- > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hiding Javascript Source
At 08:07 AM 07/30/03 -0400, Michael T. Tangorre wrote: >click view source, and u have the source. :-) Isn't javascript cached locally, so if I really wanted the source, I could find it in my cache? T Tired of your bookmarks/favourites being limited to one computer? Move them to the Net! www.stuffbythane.com/webfavourites makes it easy to keep all your favourites in one place and access them from any computer that's attached to the Internet. ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
At 08:01 AM 07/30/03 -0400, Brad Roberts wrote:
>Yeah... you shouldn't have seen it the first time... I'll have to check into
>that. You actually saw the complete Javascript source?
This is what I get:
//Presentational Slideshow Script- By Dynamic Drive //For full source code
and more DHTML scripts, visit http://www.dynamicdrive.com //This credit
MUST stay intact for legal use var slideshow_width='100px' //SET SLIDESHOW
WIDTH (set to largest image's width if multiple dimensions exist) var
slideshow_height='100px' //SET SLIDESHOW HEIGHT (set to largest image's
height if multiple dimensions exist) var pause=3000 //SET PAUSE BETWEEN
SLIDE (2000=2 seconds) var slidebgcolor="white" var dropimages=new Array()
//SET IMAGE PATHS. Extend or contract array as needed
dropimages[0]="image1.gif" dropimages[1]="image2.gif"
dropimages[2]="image3.gif" var droplinks=new Array() //SET IMAGE URLs. Use
"" if you wish particular image to NOT be linked: droplinks[0]=""
droplinks[1]="" droplinks[2]="" NO need to edit beyond
here/ var preloadedimages=new Array() for (p=0;p') else
document.write('') var curpos=parseInt(slideshow_width)*(-1) var degree=10
var curcanvas="canvas0" var curimageindex=linkindex=0 var nextimageindex=1
function movepic(){ if (curpos<0){ curpos=Math.min(curpos+degree,0)
tempobj.style.left=curpos+"px" } else{ clearInterval(dropslide)
nextcanvas=(curcanvas=="canvas0")? "canvas0" : "canvas1" tempobj=ie4?
eval("document.all."+nextcanvas) : document.getElementById(nextcanvas) var
slideimage='' tempobj.innerHTML=(droplinks[curimageindex]!="")?
''+slideimage+'' : slideimage nextimageindex=(nextimageindex' rotateimage()
} if (ie4||dom) window.onload=startit else setInterval("rotateimage()",pause)
Little hard to read, but appears to be complete. Very cool idea, though.
T
Tired of your bookmarks/favourites being limited to one computer? Move
them to the Net!
www.stuffbythane.com/webfavourites makes it easy to keep all your
favourites in one place and
access them from any computer that's attached to the Internet.
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
http://www.cfhosting.com
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
I think your browser may have cached it... hmmm... I'll add some code to prevent the page from being cached. May not fully solve the problem, however -Brad > -Original Message- > From: Ryan Emerle [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 8:00 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > Erm.. i just did a view source and copied the JS src URL to the > browser and the JS was displayed. > > After i hit refresh on that page, though, it said "Trying to > steal my javascript source?" > > Is that UUID supposed to expire after one request? > > -Ryan > > -Original Message- > From: Brad Roberts [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 7:32 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > See what you guys think... any comments appreciated. > > http://www.becomenew.com/jsGuard/ > > -Brad > > > -Original Message- > > From: Peter Harrison [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 3:26 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > Yes, Brad, I'd like to see your hiding technique please. > > > > Of course, we know it's just reversable obfuscation or making it > > a _little_ > > more work to find. > > > > Also, have you seen this: > > http://www.jimworld.com/tools/javascript-encrypt/ > > > > It obfuscates the JavaScript code, but the trick to decrypting > > the whole lot > > is the document.write at the end of the code that is generated. > If you can > > "document.write" it, you can also output it so you can copy it. > > Fun fun fun. > > > > - Peter > > > > -Original Message- > > From: Kwang Suh [mailto:[EMAIL PROTECTED] > > Sent: 30 July 2003 06:36 > > To: CF-Talk > > Subject: Re: Hiding Javascript Source > > > > > > If it's on my computer, I can get at it. > > > > - Original Message - > > From: "Brad Roberts" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Tuesday, July 29, 2003 8:04 PM > > Subject: SOT: Hiding Javascript Source > > > > > > > I think I've found a way to hide Javascript source. Has anyone > > done this > > > yet? I'll post an example if anyone is interested. > > > > > > -Brad > > > > > > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Here's An Example: WAS [Hiding Javascript Source]
> Just wanted to change the subject so you wouldn't think it's > another "you can't do it" message. > > http://www.becomenew.com/jsGuard/ If you set your "Check for newer versions of stored pages" to "Never", then you can view it It's stored in cache, so it won't try to re-get the page Nice idea though Although you could always do something incredibly similar just using CGI.HTTP_REFERER rather than putting the UUID on the URL ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hiding Javascript Source
http://www.becomenew.com/jsGuard/myJavascript.cfm?id=C3536466-B1FB-4845-95F49CB07C3672EB click view source, and u have the source. :-) - Original Message - From: "Brad Roberts" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 7:32 AM Subject: RE: Hiding Javascript Source > See what you guys think... any comments appreciated. > > http://www.becomenew.com/jsGuard/ > > -Brad > > > -Original Message- > > From: Peter Harrison [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 3:26 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > Yes, Brad, I'd like to see your hiding technique please. > > > > Of course, we know it's just reversable obfuscation or making it > > a _little_ > > more work to find. > > > > Also, have you seen this: > > http://www.jimworld.com/tools/javascript-encrypt/ > > > > It obfuscates the JavaScript code, but the trick to decrypting > > the whole lot > > is the document.write at the end of the code that is generated. If you can > > "document.write" it, you can also output it so you can copy it. > > Fun fun fun. > > > > - Peter > > > > -Original Message- > > From: Kwang Suh [mailto:[EMAIL PROTECTED] > > Sent: 30 July 2003 06:36 > > To: CF-Talk > > Subject: Re: Hiding Javascript Source > > > > > > If it's on my computer, I can get at it. > > > > - Original Message - > > From: "Brad Roberts" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Tuesday, July 29, 2003 8:04 PM > > Subject: SOT: Hiding Javascript Source > > > > > > > I think I've found a way to hide Javascript source. Has anyone > > done this > > > yet? I'll post an example if anyone is interested. > > > > > > -Brad > > > > > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
> Is that UUID supposed to expire after one request? Looks like it does, but that doesn't take into account the browser's cached version: - //Presentational Slideshow Script- By Dynamic Drive //For full source code and more DHTML scripts, visit http://www.dynamicdrive.com //This credit MUST stay intact for legal use var slideshow_width='100px' //SET SLIDESHOW WIDTH (set to largest image's width if multiple dimensions exist) var slideshow_height='100px' //SET SLIDESHOW HEIGHT (set to largest image's height if multiple dimensions exist) var pause=3000 //SET PAUSE BETWEEN SLIDE (2000=2 seconds) var slidebgcolor="white" - Etc... Nice idea though... :) Tim. --- RAWNET LTD - Internet, New Media and ebusiness Gurus. Visit our new website at http://www.rawnet.com for more information about our company, or call us free anytime on 0800 294 24 24. --- Tim Blair Web Application Engineer, Rawnet Limited Direct Phone : +44 (0) 1344 393 441 Switchboard : +44 (0) 1344 393 040 --- This message may contain information which is legally privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any unauthorised disclosure, copying, distribution or use of this information is strictly prohibited. Such notification notwithstanding, any comments, opinions, information or conclusions expressed in this message are those of the originator, not of rawnet limited, unless otherwise explicitly and independently indicated by an authorised representative of rawnet limited. --- ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
Yeah... you shouldn't have seen it the first time... I'll have to check into that. You actually saw the complete Javascript source? -Brad > -Original Message- > From: Ryan Emerle [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 8:00 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > Erm.. i just did a view source and copied the JS src URL to the > browser and the JS was displayed. > > After i hit refresh on that page, though, it said "Trying to > steal my javascript source?" > > Is that UUID supposed to expire after one request? > > -Ryan > > -Original Message- > From: Brad Roberts [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 7:32 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > See what you guys think... any comments appreciated. > > http://www.becomenew.com/jsGuard/ > > -Brad > > > -Original Message- > > From: Peter Harrison [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 3:26 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > Yes, Brad, I'd like to see your hiding technique please. > > > > Of course, we know it's just reversable obfuscation or making it > > a _little_ > > more work to find. > > > > Also, have you seen this: > > http://www.jimworld.com/tools/javascript-encrypt/ > > > > It obfuscates the JavaScript code, but the trick to decrypting > > the whole lot > > is the document.write at the end of the code that is generated. > If you can > > "document.write" it, you can also output it so you can copy it. > > Fun fun fun. > > > > - Peter > > > > -Original Message- > > From: Kwang Suh [mailto:[EMAIL PROTECTED] > > Sent: 30 July 2003 06:36 > > To: CF-Talk > > Subject: Re: Hiding Javascript Source > > > > > > If it's on my computer, I can get at it. > > > > - Original Message - > > From: "Brad Roberts" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Tuesday, July 29, 2003 8:04 PM > > Subject: SOT: Hiding Javascript Source > > > > > > > I think I've found a way to hide Javascript source. Has anyone > > done this > > > yet? I'll post an example if anyone is interested. > > > > > > -Brad > > > > > > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
Erm.. i just did a view source and copied the JS src URL to the browser and the JS was displayed. After i hit refresh on that page, though, it said "Trying to steal my javascript source?" Is that UUID supposed to expire after one request? -Ryan -Original Message- From: Brad Roberts [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 7:32 AM To: CF-Talk Subject: RE: Hiding Javascript Source See what you guys think... any comments appreciated. http://www.becomenew.com/jsGuard/ -Brad > -Original Message- > From: Peter Harrison [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 3:26 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > Yes, Brad, I'd like to see your hiding technique please. > > Of course, we know it's just reversable obfuscation or making it > a _little_ > more work to find. > > Also, have you seen this: > http://www.jimworld.com/tools/javascript-encrypt/ > > It obfuscates the JavaScript code, but the trick to decrypting > the whole lot > is the document.write at the end of the code that is generated. If you can > "document.write" it, you can also output it so you can copy it. > Fun fun fun. > > - Peter > > -Original Message- > From: Kwang Suh [mailto:[EMAIL PROTECTED] > Sent: 30 July 2003 06:36 > To: CF-Talk > Subject: Re: Hiding Javascript Source > > > If it's on my computer, I can get at it. > > - Original Message ----- > From: "Brad Roberts" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Tuesday, July 29, 2003 8:04 PM > Subject: SOT: Hiding Javascript Source > > > > I think I've found a way to hide Javascript source. Has anyone > done this > > yet? I'll post an example if anyone is interested. > > > > -Brad > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Here's An Example: WAS [Hiding Javascript Source]
Just wanted to change the subject so you wouldn't think it's another "you can't do it" message. http://www.becomenew.com/jsGuard/ -Brad > -Original Message- > From: Brad Roberts [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 7:32 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > See what you guys think... any comments appreciated. > > http://www.becomenew.com/jsGuard/ > > -Brad > > > -Original Message- > > From: Peter Harrison [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 3:26 AM > > To: CF-Talk > > Subject: RE: Hiding Javascript Source > > > > > > Yes, Brad, I'd like to see your hiding technique please. > > > > Of course, we know it's just reversable obfuscation or making it > > a _little_ > > more work to find. > > > > Also, have you seen this: > > http://www.jimworld.com/tools/javascript-encrypt/ > > > > It obfuscates the JavaScript code, but the trick to decrypting > > the whole lot > > is the document.write at the end of the code that is generated. > If you can > > "document.write" it, you can also output it so you can copy it. > > Fun fun fun. > > > > - Peter > > > > -Original Message- > > From: Kwang Suh [mailto:[EMAIL PROTECTED] > > Sent: 30 July 2003 06:36 > > To: CF-Talk > > Subject: Re: Hiding Javascript Source > > > > > > If it's on my computer, I can get at it. > > > > - Original Message - > > From: "Brad Roberts" <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Tuesday, July 29, 2003 8:04 PM > > Subject: SOT: Hiding Javascript Source > > > > > > > I think I've found a way to hide Javascript source. Has anyone > > done this > > > yet? I'll post an example if anyone is interested. > > > > > > -Brad > > > > > > > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
See what you guys think... any comments appreciated. http://www.becomenew.com/jsGuard/ -Brad > -Original Message- > From: Peter Harrison [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 3:26 AM > To: CF-Talk > Subject: RE: Hiding Javascript Source > > > Yes, Brad, I'd like to see your hiding technique please. > > Of course, we know it's just reversable obfuscation or making it > a _little_ > more work to find. > > Also, have you seen this: > http://www.jimworld.com/tools/javascript-encrypt/ > > It obfuscates the JavaScript code, but the trick to decrypting > the whole lot > is the document.write at the end of the code that is generated. If you can > "document.write" it, you can also output it so you can copy it. > Fun fun fun. > > - Peter > > -Original Message- > From: Kwang Suh [mailto:[EMAIL PROTECTED] > Sent: 30 July 2003 06:36 > To: CF-Talk > Subject: Re: Hiding Javascript Source > > > If it's on my computer, I can get at it. > > - Original Message - > From: "Brad Roberts" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Tuesday, July 29, 2003 8:04 PM > Subject: SOT: Hiding Javascript Source > > > > I think I've found a way to hide Javascript source. Has anyone > done this > > yet? I'll post an example if anyone is interested. > > > > -Brad > > > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
Yes, Brad, I'd like to see your hiding technique please. Of course, we know it's just reversable obfuscation or making it a _little_ more work to find. Also, have you seen this: http://www.jimworld.com/tools/javascript-encrypt/ It obfuscates the JavaScript code, but the trick to decrypting the whole lot is the document.write at the end of the code that is generated. If you can "document.write" it, you can also output it so you can copy it. Fun fun fun. - Peter -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: 30 July 2003 06:36 To: CF-Talk Subject: Re: Hiding Javascript Source If it's on my computer, I can get at it. - Original Message - From: "Brad Roberts" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, July 29, 2003 8:04 PM Subject: SOT: Hiding Javascript Source > I think I've found a way to hide Javascript source. Has anyone done this > yet? I'll post an example if anyone is interested. > > -Brad > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hiding Javascript Source
If it's on my computer, I can get at it. - Original Message - From: "Brad Roberts" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, July 29, 2003 8:04 PM Subject: SOT: Hiding Javascript Source > I think I've found a way to hide Javascript source. Has anyone done this > yet? I'll post an example if anyone is interested. > > -Brad > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Hiding Javascript Source
You can scramble CFML though :-). How many votes for developing a client-side flavor of CFML to replace Javascript? Seriously though, I'm pretty sure it's not possible to *completely* hide JS from the experienced visitor, but I am intrigued by your claim. I'd be interested in seeing your example. Mike Mertsock Alfred University Web Team >Can't hide it. Best you can do is put it in an external file a include it. > > > >-Original Message- >From: Brad Roberts [mailto:[EMAIL PROTECTED] >Sent: Tuesday, July 29, 2003 10:04 PM >To: CF-Talk >Subject: SOT: Hiding Javascript Source > > >I think I've found a way to hide Javascript source. Has anyone done this >yet? I'll post an example if anyone is interested. > >-Brad > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Hiding Javascript Source
Can't hide it. Best you can do is put it in an external file a include it. -Original Message- From: Brad Roberts [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 29, 2003 10:04 PM To: CF-Talk Subject: SOT: Hiding Javascript Source I think I've found a way to hide Javascript source. Has anyone done this yet? I'll post an example if anyone is interested. -Brad ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
SOT: Hiding Javascript Source
I think I've found a way to hide Javascript source. Has anyone done this yet? I'll post an example if anyone is interested. -Brad ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
