|
Displaying Source Code(s)
|
|
Protect your Client Side Script with ASP
--------------------------------------------------------------------------------
Description : This code will allow you to use ASP to check that
the request for your JavaScript and VBScript is a real request
or just someone trying to steal your code. If the
request.servervariables(HTTP_REFERER) returns a page from your
site then your return the JavaScript if
request.servervariables(HTTP_REFERER) does not return a page
from your site you return an appropriate response of your own.
'**************************************
' Name: Protect your Client Side Script
' with ASP v1.1
' Description:This code will allow you t
' o use ASP to check that the request for
' your JavaScript and VBScript is a "real"
' request or just someone trying to steal
' your code. If the request.servervariable
' s("HTTP_REFERER") returns a page from yo
' ur site then your return the JavaScript
' if request.servervariables("HTTP_REFERER
' ") doesn't return a page from your site
' you return an appropriate response of yo
' ur own.
' Inputs:This is the basic idea laid out
' for you to examine. You will still have
' to do a little work to integrate it in t
' o your site but it isn't much more than
' copy and paste.
The Input Request.ServerVariables("HTTP_REFERER") which Is
automatically sent by the browser.
'
' Returns:Will return the JavaScript or
' VBScript if appropriate, if not a messag
' e to the user.
'
' Assumes:Pretty basic really, but if yo
' u have any questions then post them and
' I'll try to answer them. I'll be doing a
' n example of this on my site http://www.
' cjcraft.com someday :P
'
' Side Effects:It doesn't seem to work o
' n Netscape without setting up IIS to par
' se .js files like it does .asp. The user
' can still open the file from the user's
' cache unless you include:
<%
Response.Expires = 60
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
At the top of the protected JavaScript file. This Is stop the
browser from saving a Local copy of the file.
'
Use the line below In place of your normal JavaScript include
line.
<SCRIPT src="testcjs.asp" language="JavaScript" Type="text/javascript"></SCRIPT>
Use the code below In place of your normal JavaScript .JS file.
It must be saved As a .ASP file Or it will Not work. Actually,
you can Set IIS server To read .js files just like it does .asp
files. This Is a good idea To hide your protection scheme For
any users who are trying bypass it. Then you could save it As a
.js file.
If you Do this a lot more people will be stumped.
Of course you could just As easily protect your vbscript With
the technique too.
<%
' This is to force file to open save as
' dialog box and not open in user's browse
' r
' It would be even safer to have it as "
' badtype/badtype" instead of "text/javasc
' ript"
Response.ContentType = "text/javascript"
' Set the line below to the page that wi
' ll be granted acess to the file
' You could change the test to allow all
' pages on your site access, etc.
If (Request.ServerVariables("HTTP_REFERER") = "http://www.mysite.com/myfolder/mypage.asp")
Then
%>
/* This Is where you put the real JavaScript that you want To
run */
document.write(" ACCESS GRANTED @ <%=time%> <BR/>");
document.write(" request.servervariables("HTTP_REFERER") = "<%=Request.ServerVariables("HTTP_REFERER")%>"");
<%
Else
%>
/* This Is where you put the message you want users To see In
place of your real JavaScript */
/* I wouldn't use the bottom line since it will give away your
protection scheme and help */
/* users find a way To break it */
No soup For you.
Request.ServerVariables("HTTP_REFERER") = "<%=request.servervariables("HTTP_REFERER")%>"
<%
End If
%> |
|
|
123
Eng