Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > security, jsp, ajax, how to hide the URL or the javascript.js in web container

Reply
Thread Tools

security, jsp, ajax, how to hide the URL or the javascript.js in web container

 
 
John_Woo
Guest
Posts: n/a
 
      11-07-2006
Hi,

We are going to apply AJAX and struts in a web app. One thing we have
to concern is the security issue.

let's say we put the javascript.js in a folder where jsp can load, and
then specify the url in the javascript; but user can view the jsp via
web-browser's view source function, thus he/she can load the javascript
file as well, namely the url inside the javascript is no way to hide.

Can anyone have idea on this?

--
Thanks lots
John
Toronto

 
Reply With Quote
 
 
 
 
Chris Uppal
Guest
Posts: n/a
 
      11-07-2006
John_Woo wrote:

> let's say we put the javascript.js in a folder where jsp can load, and
> then specify the url in the javascript; but user can view the jsp via
> web-browser's view source function, thus he/she can load the javascript
> file as well, namely the url inside the javascript is no way to hide.
>
> Can anyone have idea on this?


Yes. Don't even think about trying to prevent people reading your client-side
JavaScript. It is intrinsically open, and if your application's security
depends to the slightest extent on the users not being able to see, read, or
manipulate that (or anything else sent between browser and server) then your
application is /VERY SERIOUSLY/ broken. (In the sense of "sack the designer
instantly for gross professional negligence").

Of course, you may only want to hide this stuff to stop users being /tempted/
to meddle (even though they wouldn't be able to break anything important if
they did try it). If so then that's perfectly reasonable -- but I can't tell
you how to do it. Indeed, I doubt it if is possible -- if the user has enough
smarts to meddle in the first, then they'll quite probably have configured
their browser to ignore anything you can do to make it difficult.

-- chris




 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: How include a large array? Edward A. Falk C Programming 1 04-04-2013 08:07 PM
hide the real web form path or URL, and the web page name =?Utf-8?B?ZGF2aWQ=?= ASP .Net 2 04-29-2005 07:12 PM
std::transform container => std::abs(container) Steven T. Hatton C++ 4 12-05-2004 07:10 AM
STL: container's values setup by another container Maitre Bart C++ 2 02-11-2004 12:11 AM
std::container::iterator vs std::container::pointer Vivi Orunitia C++ 11 02-04-2004 08:09 AM



Advertisments