There is no way to hide code (continued): how to read statistics?

Re: There is no way to hide code (continued): how to read statistics?

Dung Ping said:[color=blue]
>
>A while ago I posted a message saying that saving Javascript code as
>external file might hide the code better. All replies to it said it
>would still be very easy for people to look at the source code. I
>sometimes look at the source code if a page is impressive or
>interesting, but have never opened any external file.
>
>As experiment, I saved a Javascript code of a web page as the external
>file of it. After several days, I looked at the statistics of the web
>site, and found the web page was hit, for instance, 100 times, and the
>external files was hit 35 times.
>
>Does this mean that the external file was separately opened 35 times?[/color]

That means that your main web page was hit 35 times by people who hadn't already
cached the external js file. The file must be downloaded to their browser in
order to work. That's another reason why it isn't secure.

For what it's worth, just this morning I hit a production web page that didn't
work properly in Firefox, so I looked at the source which led me to their
external js file. I opened that and found the error and reported it to the
webmaster. Very easy.

Re: There is no way to hide code (continued): how to read statistics?

Dung Ping wrote:
[color=blue]
> As experiment, I saved a Javascript code of a web page as the external
> file of it. After several days, I looked at the statistics of the web
> site, and found the web page was hit, for instance, 100 times, and the
> external files was hit 35 times.[/color]
[color=blue]
> Does this mean that the external file was separately opened 35 times?[/color]

No, it means that there were 100 hits to the web page, and 35 hits to the
script file. Its possible that none of those hits were from people actually
looking at the page and that 35 people opened it by hand, but its unlikely.
More likely of the 100 hits to the main page, some were revisits and had
the script file in their cache (and didn't bother downloading it again),
and some were from clients without JavaScript (such as GoogleBot).

--
David Dorward <http://blog.dorward.me .uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

Re: There is no way to hide code (continued): how to read statistics?

On the other hand, you can thwart a passing attempt at getting your code
by denying it to be served if the http referrer isn't equal to the page
it's supposed to be served from.

If anyone types the URL of the JS file directly into their browser
they'll get squat.

Of course, this won't even really slow down someone who is determined to
get your code.

-Jeremy

Dung Ping wrote:[color=blue]
> A while ago I posted a message saying that saving Javascript code as
> external file might hide the code better. All replies to it said it
> would still be very easy for people to look at the source code. I
> sometimes look at the source code if a page is impressive or
> interesting, but have never opened any external file.
>
> As experiment, I saved a Javascript code of a web page as the external
> file of it. After several days, I looked at the statistics of the web
> site, and found the web page was hit, for instance, 100 times, and the
> external files was hit 35 times.
>
> Does this mean that the external file was separately opened 35 times?
>
> Thanks.
> Dung Ping
>[/color]

Re: There is no way to hide code (continued): how to read statistics?

On 13/10/2005 23:46, Jeremy wrote:
[color=blue]
> On the other hand, you can thwart a passing attempt at getting your code
> by denying it to be served if the http referrer isn't equal to the page
> it's supposed to be served from.[/color]

But that will prevent anyone from accessing the script if they choose to
prevent their browser from sending the Referer [sic] header, or use a
proxy that strips it. Referer checks should only be made if a header is
actually sent.

[snip]
[color=blue]
> Of course, this won't even really slow down someone who is determined to
> get your code.[/color]

True. Telnet and wget, to name two ways.

Mike


Please don't top-post to this group.

--
Michael Winter
Prefix subject with [News] before replying by e-mail.

Re: There is no way to hide code (continued): how to read statistics?

Michael Winter wrote:[color=blue]
> [snip]
> Please don't top-post to this group.
>[/color]

My apologies. I never really understood the emnity for top-posting, but
if them's the rules then that's that.

Re: There is no way to hide code (continued): how to read statistics?

Jeremy wrote:
[color=blue]
> My apologies. I never really understood the emnity for top-posting, but
> if them's the rules then that's that.[/color]

Argh. s/emnity/enmity.

*makes coffee*