Re: I need a little help
== "Didier Caamano" <[EMAIL PROTECTED]> writes: > Is not that I don't want to share or soimething like that, is just I > have some scripts that need to be part of the web page code but they > compromise in some ways the security of the site and the privacy of > those who are part/members of the organization. Ah-- scripts, that's different. Most of the answers you've been getting have to do with HTML code. Are these CGI scripts? It is possible to set up apache so that CGI scripts are not viewable in source code form. Generally, that involves putting the CGI scripts in their own directory; have you done this already? Also, SSI-parsed scripts generally do not leave the server in raw form, but only in parsed form. That's a matter of writing your scripts carefully. If you have security information that you need to use in a script on the server side but you don't want to go out, putting it in a separate CGI script is probably going to be a better bet. -Rob -- -=-=-= Rob Knop =-= [EMAIL PROTECTED] =-= http://www.pobox.com/~rknop =-=-=- Help the EFF protect basic freedoms online: http://www.eff.org Playwrights & theatre types, see The Dramatic Exchange: http://www.dramex.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
"Didier Caamano" <[EMAIL PROTECTED]> writes: > Greetings to all: > > I was wondering how I can configure apache 1.3 to not allow visitors to > view the source code of the page when they click on View ->Source > > Is there any option in apache to do that?, any hint will be appretiated. Yeah. Don't put the document on the web at all. Then nobody can see it. That will do what you're asking for. Note: this works with *any* web server, not just apache. -Rob -- -=-=-= Rob Knop =-= [EMAIL PROTECTED] =-= http://www.pobox.com/~rknop =-=-=- Help the EFF protect basic freedoms online: http://www.eff.org Playwrights & theatre types, see The Dramatic Exchange: http://www.dramex.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
People: Thank you very much for your answers, they have give me some directions, I'm sorry for the kind of dumb question but I'm a little bit new to server management. Once again your answers have give me some directions and now I know what I must do (well I think so). Thank you guys very much, Didier. "Nothing would please me more than being able to hire ten programmers and deluge the hoby market with good software"...Bill Gates 1976...We're still waiting From: Barney Wrightson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: I need a little help Date: Tue, 18 Mar 2003 13:19:36 +1030 Didier Caamano wrote: Is not that I don't want to share or soimething like that, is just I have some scripts that need to be part of the web page code but they compromise in some ways the security of the site and the privacy of those who are part/members of the organization. As a result, I was wondering how could I hide the code, or the part of the code that I don't want my visitors to see. I see now that there is no way, or at least with apache. But I still need to hide at least those path for the scripts that could compromise the site. By the way, thank very much to you guys for your answers. Have a nice day. Didier. As others have pointed out, If the client is going to run the script you are not going to be able to hide it. The solution is have any sensitive code executed on the server. This can be done using a variety of methods, eg. PHP or server side Javascript, the problem being that interactivity with the user is more cumbersome. HTH, Barney -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
Didier Caamano wrote: Is not that I don't want to share or soimething like that, is just I have some scripts that need to be part of the web page code but they compromise in some ways the security of the site and the privacy of those who are part/members of the organization. As a result, I was wondering how could I hide the code, or the part of the code that I don't want my visitors to see. I see now that there is no way, or at least with apache. But I still need to hide at least those path for the scripts that could compromise the site. By the way, thank very much to you guys for your answers. Have a nice day. Didier. As others have pointed out, If the client is going to run the script you are not going to be able to hide it. The solution is have any sensitive code executed on the server. This can be done using a variety of methods, eg. PHP or server side Javascript, the problem being that interactivity with the user is more cumbersome. HTH, Barney -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
On Mon, Mar 17, 2003 at 04:00:43PM -0700, Didier Caamano wrote: > Is not that I don't want to share or soimething like that, is just I have > some scripts that need to be part of the web page code but they compromise > in some ways the security of the site and the privacy of those who are > part/members of the organization. > > As a result, I was wondering how could I hide the code, or the part of the > code that I don't want my visitors to see. I see now that there is no way, > or at least with apache. But I still need to hide at least those path for > the scripts that could compromise the site. The problem you're having is thinking that it's anything to /do/ with Apache - it's not! Even if you manage to "hide" the scripts, you're still going to come down to a single problem: if the scripts are destined to be run on the client - on the user's machine, not your server - then someone /will/ get hold of the source to them. So I'd suggest that the question then becomes "how can I write these scripts in a way that they don't compromise the security of the site/server/whatever?" The simple - but totally useless - answer is "don't trust the client." Why useless? Well, it doesn't tell you about /how/ to do it, just /what/ to do. That's all I can tell you, but I'm fairly sure it's the way you should be going. Remember - if your scripts can pass back information to your servers from the client machine, then anyone malicious can pass back carefully crafted data to take advantage of your servers. You /have/ to assume that this will be done so as to make sure that it has as little affect as possible! > By the way, thank very much to you guys for your answers. Have a nice day. > Didier. jc [CC'd you because - I don't know why - I just get the feeling that perhaps you're not subscribed :-] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
Didier Caamano wrote: Is not that I don't want to share or soimething like that, is just I have some scripts that need to be part of the web page code but they compromise in some ways the security of the site and the privacy of those who are part/members of the organization. If it compromises security so much that you're concerned, then perhaps there is another way to do what that script is doing. As a result, I was wondering how could I hide the code, or the part of the code that I don't want my visitors to see. I see now that there is no way, or at least with apache. But I still need to hide at least those path for the scripts that could compromise the site. I'd go about finding some other way to do what ever the script is doing. It has NOTHING to do with Apache. Any and all web servers send to the browser the complete source code of the web page (with SSI's changed into the values they need to be). Without knowing more about what it is exactly you're doing I can't help you much more then that. Sorry. By the way, thank very much to you guys for your answers. Have a nice day. Didier. You're welcome. -- Let me meddle not in the affairs of Linuxen For I am an idiot and will toast my boxen. http://www.hsv-hotspots.com/ Your hotspot for Wireless in HSV, AL -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
On Mon, Mar 17, 2003 at 01:13:19PM -0700, Didier Caamano wrote: > I was wondering how I can configure apache 1.3 to not allow visitors to > view the source code of the page when they click on View ->Source At first I thought this was a question on how to ENABLE visitors to view the source... to be honest I'm amazed that someone who's taken the time to subscribe to an open source operating system mailing list would want to know this... for those of you who want to facilitate viewing source on a page, don't forget about: view page source should work You can also do it with javascript and it will definitely work: onclick="location.href = 'view-source:' + location; return false;" You can also do this kind of thing with PHP source files, but the how to part is outside of my instant memory recall. emma -- Emma Jane Hogbin [[ 416 417 2868 ][ www.xtrinsic.com ]] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
Is not that I don't want to share or soimething like that, is just I have some scripts that need to be part of the web page code but they compromise in some ways the security of the site and the privacy of those who are part/members of the organization. As a result, I was wondering how could I hide the code, or the part of the code that I don't want my visitors to see. I see now that there is no way, or at least with apache. But I still need to hide at least those path for the scripts that could compromise the site. By the way, thank very much to you guys for your answers. Have a nice day. Didier. "Nothing would please me more than being able to hire ten programmers and deluge the hoby market with good software"...Bill Gates 1976...We're still waiting From: Joseph A Nagy Jr <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: Debian List <[EMAIL PROTECTED]> Subject: Re: I need a little help Date: Mon, 17 Mar 2003 15:39:42 -0600 Didier Caamano wrote: Greetings to all: I was wondering how I can configure apache 1.3 to not allow visitors to view the source code of the page when they click on View ->Source Is there any option in apache to do that?, any hint will be appretiated. Didier. Trying to prevent people from viewing your source code is as effective as asking Bill Gates to put out a product that works. It does no good and in the end only frustrates you and the end user. If you are that desperate though to prevent people from viewing your source, there are several companies claiming to "encrypt" your source code, but it takes no verification for someone to go to that same site and decrypt it. If you're that desperate to keep your source private, don't post it on the www. -- Let me meddle not in the affairs of Linuxen For I am an idiot and will toast my boxen. http://www.hsv-hotspots.com/ Your hotspot for Wireless in HSV, AL -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Mar 17, 2003 at 01:13:19PM -0700, Didier Caamano wrote: > I was wondering how I can configure apache 1.3 to not allow visitors to > view the source code of the page when they click on View ->Source Not going to happen. If someone wants to see the source, they can. Nothing is going to change that. - -- .''`. Baloo Ursidae <[EMAIL PROTECTED]> : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+dlEqJ5vLSqVpK2kRAjk7AKDgXpoV8ad0I8KJS/QSUP6kE1DSqwCgu9w8 A961g+oSXbm17jiMH7Df3io= =256M -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
* Didier Caamano <[EMAIL PROTECTED]> [20030317 12:54 PST]: > I was wondering how I can configure apache 1.3 to not allow visitors to > view the source code of the page when they click on View ->Source > > Is there any option in apache to do that?, any hint will be appretiated. You don't click in apache. Either you give your visitors a page of HTML, or you don't. What they do with it beyond that is beyond your control. They can render it properly as HTML, they can render it brokenly as HTML, or they can display it, or save it, or print it out, or whatever they like. Most browsers choose the second action in the above list, usually with the ability to also do the third at the user's request. If you have some data that you don't want to share, don't share it. good times, Vineet -- http://www.doorstop.net/ -- http://www.anti-dmca.org/ signature.asc Description: Digital signature
Re: I need a little help
Didier Caamano wrote: Greetings to all: I was wondering how I can configure apache 1.3 to not allow visitors to view the source code of the page when they click on View ->Source Is there any option in apache to do that?, any hint will be appretiated. Didier. Trying to prevent people from viewing your source code is as effective as asking Bill Gates to put out a product that works. It does no good and in the end only frustrates you and the end user. If you are that desperate though to prevent people from viewing your source, there are several companies claiming to "encrypt" your source code, but it takes no verification for someone to go to that same site and decrypt it. If you're that desperate to keep your source private, don't post it on the www. -- Let me meddle not in the affairs of Linuxen For I am an idiot and will toast my boxen. http://www.hsv-hotspots.com/ Your hotspot for Wireless in HSV, AL -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
On Mon, Mar 17, 2003 at 01:13:19PM -0700, Didier Caamano wrote: > Greetings to all: > > I was wondering how I can configure apache 1.3 to not allow visitors to > view the source code of the page when they click on View ->Source > > Is there any option in apache to do that?, any hint will be appretiated. Nope. That's an entirely client side issue. The browser needs the HTML source to render the page so that is what apache needs to send out. There are some particularly annoying and invasive things that you can do with javascript to hinder (although not fully prevent) source viewing. It's impossible to prevent, as people can have javascript turned off, and if their browser caches the document they can simply open it up in a text editor, amongst other things. Your best bet is to try a different approach that does not rely on hiding the source. Rob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
-- Didier Caamano <[EMAIL PROTECTED]> wrote (on Monday, 17 March 2003, 01:13 PM -0700): > Greetings to all: > > I was wondering how I can configure apache 1.3 to not allow visitors to > view the source code of the page when they click on View ->Source > > Is there any option in apache to do that?, any hint will be appretiated. Nope. If you have it up publicly on the web for people to see, they can grab it. There are javascript workarounds for this sort of thing, but they won't discourage the determined. Take a look at the wget package if you need more proof. ;-) -- Matthew Weier O'Phinney [EMAIL PROTECTED] http://matthew.weierophinney.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
> Is there any option in apache to do that? Of course there is not. If you think about how HTML/ and any other www-service works, you will understand why. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
> Greetings to all: > > I was wondering how I can configure apache 1.3 to not allow visitors to view > the source code of the page when they click on View ->Source > > Is there any option in apache to do that?, any hint will be appretiated. > > Didier. In a word - no! Why would you want to? The whole point of web pages is that people can view them! Andrew -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I need a little help
On Mon, Mar 17, 2003 at 01:13:19PM -0700, Didier Caamano wrote: > I was wondering how I can configure apache 1.3 to not allow visitors to > view the source code of the page when they click on View ->Source > > Is there any option in apache to do that?, any hint will be appretiated. Erm... how can you not allow visitors to view the source? Their browsers download the source and render it to be displayed. Even if there were some flag that would prevent the user from viewing the unrendered source on some browsers, it would be useless. All it would take is a browser that doesn't respect the flag, looking through their cache, or "telnet yoursite 80". Why would you not want your visitors to see the page's source? -- Seneca [EMAIL PROTECTED] pgp0.pgp Description: PGP signature
Re: I need a little help
On Mon, 17 Mar 2003 at 1:13pm, Didier Caamano wrote: :I was wondering how I can configure apache 1.3 to not allow visitors to view :the source code of the page when they click on View ->Source Impossible. If their browser can render the page, it has the source. Viewing it is out of your control. Patrick -- Patrick Wiseman [EMAIL PROTECTED] Linux user #17943 *Google First, Ask Later* -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
I need a little help
Greetings to all: I was wondering how I can configure apache 1.3 to not allow visitors to view the source code of the page when they click on View ->Source Is there any option in apache to do that?, any hint will be appretiated. Didier. "Nothing would please me more than being able to hire ten programmers and deluge the hoby market with good software"...Bill Gates 1976...We're still waiting _ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
[semi-off topic]I need a little help ...
Hello, I finally got Debian (mostly rex) installed on my Toshiba Tecra 720CDT laptop. I need some help getting a handle on a few things though. I can't seem to find the key combo to switch resolutions under X. On a desktop system, this is just CTL-ALT-(+/-), but the "+" is on the number pad. guess what, I don't have a number pad! Any help would be appreciated. Also, anybody have one of these working with the built in modem? Thanks in advance. Richard G. Roberto [EMAIL PROTECTED] 011-81-3-3437-7967 - Tokyo, Japan -- *** Bear Stearns is not responsible for any recommendation, solicitation, offer or agreement or any information about any transaction, customer account or account activity contained in this communication. *** -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]