I developed a website using html and javascript. All my logic lies in javascript files. So I want to secure my javascript files being download when the user directly enters the url. Is it possible to restrict?
A javascript file is always downloaded by the client because the client has to be able to execute the code inside. The best thing you can do is obfuscate the javascript code.
Sadly there isn't a definite way to stop people downloading the JS files, CSS files or image files from your website as these are executed within the browser, the best you can do is to try and minify or obfuscate the files in such a way that they become near impossible to read and therefore use or copy.
A great example of obfuscating would be this: http://javascriptobfuscator.com/
A great example of minifying would be this: http://jscompress.com/
Trying using both for to make sure that there is little to no chance of the code being readable to nosey people.
If you restrict it from being downloaded, it is pretty hard for it to be downloaded by the browser to use it. :)
You can look into packing it:
http://dean.edwards.name/packer/
It will not make it secure, but will make people look the other way if they are too lazy to undo it.
A javascript file is always can downloaded by the client .reason the client has to be able to execute the code insidein web
u can try using .htaccess like:
<Files ~ "(.js|.css)">
Order allow,deny
Deny from all
</Files>
How to restrict/forbid access to specific file types such as .js .css inside a .htaccess file?
Related
Just want to know if there's a java script code equivalent to PHP's move_uploaded_file function?
No, javascript does not have the ability to have files uploaded to it or to move them around on a disk.
Javascript is sandboxed, meaning that it cant do anything outside of its running context.
This is for obvious security reasons... mainly the risk that a malicious site would upload some sort of virus or other malware to your device and then move it somewhere on your device using pure javascript...
This would be bad.
You need a server for file upload, the only thing you can do in javascript is an Ajax upload.
For example something like https://blueimp.github.io/jQuery-File-Upload/
I have a node web app where i want to hide js files which I have created for the client side?
how can this be achieved? I do not want people viewing the files.
Node runs on the server. All the JavaScript that runs on the server can be hidden. Any JavaScript delivered to the client and run in the user's browser cannot be hidden (though it can be obfuscated).
You cannot "hide" the JS files since the JS interpreter also has to be able to access them.
You can however obfuscate them, so that they cannot be easily read.
It is not possible but you can use something like uglify to make the javascript unintelligible.
You cannot hide the js files but you can provide security to the JS files by minifying them.
You can find many minifier in the online.
JS Compressor is a one of the minifiers.
Try it.
I designed one website but I don't want to give access to end user to download my css and js files.
because If I designed one website so anybody can stolen my design by downloading my css and js files.
So is there any mechanism for secure our css and js files?
There is not really any way to secure your CSS and JS from being downloaded as the users browser needs to download these files.
One technique which is normally used to reduce CSS and JS file sizes is minification. Although it does not secure the files as such, it makes JS far harder to understand when you choose to mangle the variable names.
Online JS minifier to try out
It is not possible. Browser need to read your css file and js file. If browser can read then user can read also. You can minify your codes only e.g http://refresh-sf.com/yui/ and also you can add copyright comment blocks.
For javascript I would suggest you to use Base62 encoding.
This will also reduce the size and thus boost the performance since there will be less loading time
You can do base 62 encoding here
Other than that you cannot host your javascript file into an non downloadable form!!
Same goes with CSS too.
Once someone enters the full link the css/js files will be shown. All the files be available in the clien machine!!
To put up a plain straight answer to your question, the answer is NO
In order for visitors to see and use your site, they will have to download the necessary styles and scripts.
You can compress and obfuscate your code of course (the former actually benefits the end-user), but that's the best you can do; it won't stop someone from ripping it and using it as-is for their own nefarious purposes.
Now, your code is technically copyrighted; if you find someone who infringed on this copyright and they're using either a literal copy or a substantial part of your original work, you could theoretically sue them. Whether this is a viable approach is a tough question to answer and you will need someone with at least some kind of law degree and/or experience in this field.
Personally I would say that your chances of successful legal retribution are low, but so is the chance of someone stealing your code and profiting from it.
After searching around in Google for a while I have not had any luck or guidance in my question.
I want to be able to load up a website using javascript, ajax, in order to reduce the amount of requests needed by the server from the client. My goal is to embed/encode data within an image such that only the client needs to request this image through ajax call, and then be decoded to find the js, css, and other files needed. Then the js, css and other files will be inserted into the DOM.
If I can get the above to work then I could have a lot of flexibility on how my webapp is loaded and be able to notify the user how close the webapp is to being ready for viewing.
Currently my problem is that I cannot find how I would encode the data within an image.
Even if this is not the way to be going about serving up a webapp my curiosity is getting the best of me and I would just really like to do this.
Any guidance or pointers would be greatly appreciated!
Also: I am learning Python so if you know of a python module that I could play with that would be cool. Currently i'm playing with the pypng module to see if this could be done.
To be frank. Don't do that.
The brightest minds on earth use other methods to keep the number of requests and response time down. The most common technique for minimizing the number of requests is called Bundling. In short, you just copy'n paste all js files after each other into one big js file and all the css files into one big css file. This way you need to download two files, one js and one css. Better than that is usually not worth the trouble.
To further keep response times down you usually minify your js and css files. This is a process where all white space, comments, etc are removed and internal variable names are made as short as possible.
Finally you can serve both js and css files as gziped files to further reduce the file size to transfer.
There are many tools out there that does both bundling and minification for you. Google and pick one that suits your other tooling support.
The documentation for tinymce notes that one can compress all the javascript and components (which I assume includes plugins) into a single file. They do note reasons why one might not want to that as well.
Compressing into a static file
It's also possible to simply concatenate the necessary components and some boilerplate code into a single .js file. However you will always have to recreate this file if you want to use other TinyMCE plugins, or you upgrade TinyMCE. You will also probably want to configure your webserver to compress javascript files.
But assuming one actually did want to do it, how does one actually go about it? Build.xml does does not provide an appropriate task it seems. At least when I tried it the plugins did not seem to be included when I loaded tiny_mce.js.
There are some really excellent command line tools for this, but you can also do this easily with just a text editor. The simplest way is to just open each file, copy the contents, and paste the contents into a single JS file ("everything-all-together.js", say). You'll need to make sure you paste the files into the single file in the same order you would've put the script tags into the HTML doc. Once you have all the files all together, you can use tools like JSXMin, YUI Compressor, or Google Closure. There are also some tools online that do this, like http://www.minifyjavascript.com/. You can paste in the uncompressed JS and copy back out the compressed JS. This makes the build process really cumbersome, but if you just need to do this once, that will get you there.
The best way to do this is to do it as a build step for the site. That means when you make changes to the JS files, you rebuild the compressed JS file to include the changes as well. This can be a cumbersome step if you're iterating quickly and changing files over and over again. You don't want to have to rebuild the compressed file with each save. You can solve this by setting up development and production modes of the site. When being loaded in development mode, the JS files aren't grouped together. When all the necessary changes are made, you'd rerun the build step to generate the single compressed JS file. To do the minification from the command line, you'd probably want to use Google Closure: https://developers.google.com/closure/compiler/. If you download the compiler app, you can do the following:
java -jar compiler.jar some-file.js some-other-file.js > compiled.js
That will generate a file called compiled.js that includes the contents of some-file.js and some-other-file.js in a minified format. You can specify as many files to compile as you need to. Actually, I'm selling Closure a bit short to say it's just minified. It's also extremely optimized code. Pretty much every site should be doing this to all of there JS all the time unless they're already doing something better.
I hope I'm getting you (and the tinymce docs) right, but this sounds a lot like combining JavaScript files on the server side. This means taking the contents of all of your JS files, putting them into one file and returning that one to the client.
Why would you do that? Well, this should be obvious, but.. you reduce the number of HTTP requests to your server, which is always a good thing.
How do you do that? There are many solutions out there for all server-side languages and frameworks, I suggest doing a Google search for "[your language] javascript minifier" or something similar.
Hope this helps.