PHPers rejoice.. keep your JavaScript secure!
Moderator: General Moderators
Ok last attempt for now.
What happens when you save the entire page at http://www.urbanchaos.net/Lockdown2/ ?
I'm not too worried about Firebird being able to download the javascript because hardly anyone uses Firebird and the site(s) I'm working on are either NS/IE only, or just IE only... any other browser will just get bounced off the site to a 'your browser is not compatible' page.
So I guess I'm really just making sure I can secure things for NS and IE.
What happens when you save the entire page at http://www.urbanchaos.net/Lockdown2/ ?
I'm not too worried about Firebird being able to download the javascript because hardly anyone uses Firebird and the site(s) I'm working on are either NS/IE only, or just IE only... any other browser will just get bounced off the site to a 'your browser is not compatible' page.
So I guess I'm really just making sure I can secure things for NS and IE.
add to that if you figure out that's what the second php is for, then you can get tot he file directly anyway, so it only slows it downpatrikG wrote:But the problem is not me accessing the .js-file in particular, rather ripping the entire website.
How is a webserver supposed to differentiate between a "normal" HTTP-request to dish out the data and a "rip"-request?
The solution your provider suggests doesn't help you there either. It simply prevents "direct" access to the file.
if firebird is mozilla, and mozilla and netscape are closely enough related to check as netscape/mozilla when looking, wouldn't that means if it's ns/ie then mozilla will get to it?Gen-ik wrote:Ok last attempt for now.
What happens when you save the entire page at http://www.urbanchaos.net/Lockdown2/ ?
I'm not too worried about Firebird being able to download the javascript because hardly anyone uses Firebird and the site(s) I'm working on are either NS/IE only, or just IE only... any other browser will just get bounced off the site to a 'your browser is not compatible' page.
So I guess I'm really just making sure I can secure things for NS and IE.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Yep that's true but the site won't work if this is done because the javascript only works on the more modern NS/IE browsers.twigletmac wrote:Unless they just modify their user-agent info so your site thinks they are IE or NS (both Mozilla and Opera can do this).
Mac
I normally run a triple-check on browsers anyway using PHP, JavaScript, and VBScript so it's rare that any 'un-wanted' browsers get through.
No because there are other ways to check browser types rather than just checking for 'mozilla' in the user-agent string.m3rajk wrote:if firebird is mozilla, and mozilla and netscape are closely enough related to check as netscape/mozilla when looking, wouldn't that means if it's ns/ie then mozilla will get to it?
I wrote:You may want to have a look at javascript.encode
http://msdn.microsoft.com/library/defau ... ncoder.aspm3rajk wrote:quartis: that is exactly why i was trying to figure out how to encode things so it'd be sent in gibberish.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Erm, Mozilla shares the same Gecko engine as the 'more modern' NS browsers. Opera is flaky when it comes to JavaScript but I've not had any problems with Mozilla thus far.Gen-ik wrote:Yep that's true but the site won't work if this is done because the javascript only works on the more modern NS/IE browsers.
Personally I don't understand why any web developer would prevent someone from accessing their site based on the browser they use. IMHO, if a site relies heavily on client-side stuff in order to work there should always be a server-side fallback position.
Mac
twigletmac wrote:Personally I don't understand why any web developer would prevent someone from accessing their site based on the browser they use. IMHO, if a site relies heavily on client-side stuff in order to work there should always be a server-side fallback position.
Mac
It's all down to what you want to do with the website. For example modern browsers allow the use of the document.innerHTML, document.getElementById, and document.getElementsByTagName, which allows for some great dynamic websites to be created.
For example the site I'm working on at the moment uses one page, and once the page has loaded it never needs to be refreshed. Any new data can be loaded out-of-site in an iframe and once loaded the content of the iframe can then be dynamically inserted into the current page.
You can do some cool stuff with this like having a Who's On-line panel which is updated every 10 seconds or so without refreshing the page.
I like to create sites that push website design and development forward, not hold it back because I have to make sure my sites work with the older, or crapper, browsers out there which people (for some unknown reason) are still using.
Some people might not agree with that but they are the people holding back website development, others are trying to push it forward.
Basically if your browser doesn't support the document. stuff above then you don't get into the website. Simple.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
Because, they don't have a new computer? Because they have a disablity which means they use special software for web access?Gen-ik wrote:I like to create sites that push website design and development forward, not hold it back because I have to make sure my sites work with the older, or crapper, browsers out there which people (for some unknown reason) are still using.
I am one of those 'some people' who you seem to believe are holding back web design. But I don't think that me (or others like me) are holding back web design just because we think it's also important to remember that the web enables people who for one reason or another - poor eyesight, mobility problems - can't access a lot of what you take for granted. By all means have fancy effects on your web pages but don't make that the be all and end all. At the end of the day the web is about sharing information and it doesn't take much to make that information accessible.Gen-ik wrote:Some people might not agree with that but they are the people holding back website development, others are trying to push it forward.
There's no reason why you site has to look exactly the same in all browsers - it's the information which is important, not the bells and whistles.
Mac
Good point, but the sites I create are not geared towards people with disabilities, in fact it never has been and never will be a major influence in my website development. I'm not just talking about simple text based sites with a few fancy graphics on them, I'm taking about multi-user communities and 'virtual worlds' similar to Virtual Ibiza, Zing, and SoulKool which I am developing.twigletmac wrote:Because, they don't have a new computer? Because they have a disablity which means they use special software for web access?
Can you imagine Formular One being restricted to 50 MPH just because one of the drivers had a disability?
I guess it depends on the type of website you are designing. My sites don't take people with disbilities into account because the number of disabled people visiting the sites is minimal. I won't comprimise development or design for the few.twigletmac wrote:I am one of those 'some people' who you seem to believe are holding back web design. But I don't think that me (or others like me) are holding back web design just because we think it's also important to remember that the web enables people who for one reason or another - poor eyesight, mobility problems - can't access a lot of what you take for granted.
It never is just the be-all-and-end-all. Simply pasting fancy graphics all over a site won't cut it, doing something creative or new with the tools modern browsers offer is where the creativity is, and it's also where new advancements and ideas on and for the net will spring from.twigletmac wrote:By all means have fancy effects on your web pages but don't make that the be all and end all.
Stoker wrote:..as discussed and concluded many times in the past on this and other community medium; it is impossible to hide any type of source of whatever kind that the browser needs to parse; If the browser can fetch/decode it, so can anyone else..
Does that mean that securing a site using SSL is in fact pointless as anyone can get access to the info?
Would that mean any information passed to and from SSL pages on the server could get intercepted by anyone?
I'm sure this isn't the case. If it is then what's the point of SSL.