johnuk — 2009-11-20T12:28:21-05:00 — #1
Is this possible? I tried setting the public permissions (apache) to execute only. but the JS stoped working. Any input much appreciated!
p.s. sorry if this is the wrong forum
mirek_komarek — 2009-11-20T13:19:37-05:00 — #2
Has your application some user agent?
crmalibu — 2009-11-20T23:10:11-05:00 — #3
A web browser must be able to read the url, otherwise it can't execute the code.
If your application currently requires that a user not be able to see the code, then you need to rethink your design. You can obfuscate, but you will not be successful against a programmer.
philiptoop — 2009-11-21T18:07:07-05:00 — #4
felgall — 2009-11-21T20:23:05-05:00 — #5
mirek_komarek — 2009-11-23T15:10:26-05:00 — #6
checking for user agent is good, when you want some script run just for you, I used it on some website to hide link to admin section, it was visible just with FF + addon https://addons.mozilla.org/en-US/firefox/addon/59 and edited special user agent for this website.
felgall — 2009-11-23T15:26:36-05:00 — #7
[QUOTE=Mirek Komárek;4439960]checking for user agent is good, when you want some script run just for you,QUOTE]
That's a good idea. Just change the user agent so it contains something that will uniquely identify your browser eg. add your name into the user agent.
It doesn't stop someone else overriding that so as to get it to run anyway but it would prevent casual visitors from accessing it by accident.
mirek_komarek — 2009-11-23T15:40:03-05:00 — #8
There is just small problem when you forget to switch your special user agent and go to site, where they can identify you, because they will see that user agent in analytics counters and so on. So it is not very safe solution.
felgall — 2009-11-23T15:53:33-05:00 — #9
Only if you replace what is already in the user agent will it stand out. If you just add something to the useragent it will only be noticed if someone looks at the raw logs or decides to specifically track you.