Just want to know if there's a java script code equivalent to PHP's move_uploaded_file function?
No, javascript does not have the ability to have files uploaded to it or to move them around on a disk.
Javascript is sandboxed, meaning that it cant do anything outside of its running context.
This is for obvious security reasons... mainly the risk that a malicious site would upload some sort of virus or other malware to your device and then move it somewhere on your device using pure javascript...
This would be bad.
You need a server for file upload, the only thing you can do in javascript is an Ajax upload.
For example something like https://blueimp.github.io/jQuery-File-Upload/
Related
I developed a website using html and javascript. All my logic lies in javascript files. So I want to secure my javascript files being download when the user directly enters the url. Is it possible to restrict?
A javascript file is always downloaded by the client because the client has to be able to execute the code inside. The best thing you can do is obfuscate the javascript code.
Sadly there isn't a definite way to stop people downloading the JS files, CSS files or image files from your website as these are executed within the browser, the best you can do is to try and minify or obfuscate the files in such a way that they become near impossible to read and therefore use or copy.
A great example of obfuscating would be this: http://javascriptobfuscator.com/
A great example of minifying would be this: http://jscompress.com/
Trying using both for to make sure that there is little to no chance of the code being readable to nosey people.
If you restrict it from being downloaded, it is pretty hard for it to be downloaded by the browser to use it. :)
You can look into packing it:
http://dean.edwards.name/packer/
It will not make it secure, but will make people look the other way if they are too lazy to undo it.
A javascript file is always can downloaded by the client .reason the client has to be able to execute the code insidein web
u can try using .htaccess like:
<Files ~ "(.js|.css)">
Order allow,deny
Deny from all
</Files>
How to restrict/forbid access to specific file types such as .js .css inside a .htaccess file?
Being new to .htaccess concept, I have a basic question.
I tried to protect a directory which hosts my stored procedure files... this is because I need not anyone else accessing the code of the file. My issue is the following:
When I try to access a file of the directory through javascript as part of my coding, the same pop up comes up requiring username and password. How can this be resolved?
Please advise if the route I am taking is wrong.
My intention is that the code should have access to stored procedure files, but none should have access to the actual file content. This can be applicable for css files or javascript files as well.
You can't differentiate between a client asking for a resource because your code asked it to and the same client asking for a resource for some other reason.
Even if you could, then the resource would still be available to the owner of the client, without making another request for it, through (for example) the developer tools built into most browsers.
If the files you're talking about are all Javascript then protecting them like that isn't really feasible. They are client-side scripts, meaning they need to be downloaded by the user's browser. Unfortunately, you can't reliably tell the difference between a browser downloading them as part of an HTML page, and a user downloading them directly to steal them.
The best you can do is obfuscate the files to make them difficult to understand. That will never prevent a determined code thief though.
I have developed AES algorithm in JavaScript and Java for secure communication between browser and server. And I am using that JS file with tag, now when we right click on the page we can see view source, in that view source only location of JavaScript file is visible. I am worried that whether any such tool is available that can retrieve that JavaScript file pointed by ? If yes then my key will be exposed. Is there any work around to it?
Your Javascript code executes on the client.
Therefore, the client can read and execute that code.
Client-side cryptography is (mostly) an exercise in futility.
Your system is not secure.
If I assume that your javascript src tag looks like this:
<script src="www.mydomain.com/scripts/login.js" />
Then all I need to do is put: www.mydomain.com/scripts/login.js in my address bar and I can read your JavaScript file plain as day. You might be interested in implementing some JavaScript obfuscation though. Here is a decent post: How can I obfuscate (protect) JavaScript? you can also Google 'JavaScript Obfuscation' for a multitude of information.
This is obviously security through obscurity which isn't really security at all but I suppose it is better then nothing in your case.
So I realize that anyone can view the javascript in-line with HTML running in their browser, so if I use an external js library on my server will its contents be completely hidden?
Another question is are there any cases where it's better to use in-line javascript, like with jQuery or something, or is there really no down side to just using a js library for all of it?
No, there is no way that your javascript will ever be "hidden". Anything that can be run in a browser can be trivially saved and inspected. The best you can do is use an obfuscator.
The downside to using an external file is that it's another request. The upside is that it can be cached independently. For best performance, code that will be used from more than one page should be stored in its own file, and code that is page-specific is better off being stored within the page that uses it.
JavaScript operates on the Browser level, that means that the browser at some point read your JS (external or internal same s.). You can easily conclude from this that if at some point the JS is now registered by the browser, and it's accessible by anyone with a bit more knowledge in web stuff. you'll not be able to hide your JS trickery.
Pus inside your JS a Copyright notice and pray.
Never send sensitive data through the yellow wire.
If you have some extra sensitive strings, encode and compare them on server side - sending them like MD5 or in some SHA model to the server.
Javascript, with the exception of something like node, operates client-side so you can't really use an "external js library" on your server, whatever that means.
Best practices dictate that you should almost always reference your javascript using <script> tags and link to your javascript file using the src attribute.
I need to edit an xml file using javascript. Now I'm involved in a project of online testing.
The question.xml file is already in the project folder.
In that i want to add or edit the questions(only using javascript). I'm able to bring the particular content through ajax, but I am not able to edit the file.
Javascript can't write to a file. The best you'll be able to do is get Javascript to read and edit the XML then post that data to a server-side script to write to file.
Until now, Google Chrome is the only web browser that has a functioning implementation of the FileSystem API, therefore, it may allow you to save files locally using only Javascript.
Obviously, for security reasons, when writing files to the local file system, the user must explicitly allow it.
A working tutorial: http://www.html5rocks.com/en/tutorials/file/filesystem/
Nickf is correct. The reason Javascript can't write to a file is because it is a Client-Side language. Javascript will never have permission to write a file because it has to operate inside the browser sandbox.
You will need to use a server-side script (.NET, PHP, ColdFusion, etc) to write the file.
If you are willing to use Google Gears, you get a sandbox on the client machine on which you can write files.
Javascript has no built-in file I/O (a.k.a. you can't do it with JS alone)
Instead use some kind of server side language such as PHP or ASP.NET in conjunction with Javascript's AJAX functionality.
Look over Adobe's Flex development system. There are ways you can use it to build an app that runs in the browser (or not) and can access the filesystem (Windows/Mac/Linux). It's programmed in ActionScript, a dialect of javascript; and can interoperate with javascript in the browser.