NYCPHP Meetup

NYPHP.org

[nycphp-talk] securing a file w/ htaccess?

Andrew Yochum andrew at plexpod.com
Thu Nov 17 11:11:21 EST 2005


On Thu, Nov 17, 2005 at 11:01:40AM -0500, billy reisinger wrote:
> Hello, all -
> This is probably a simple thing, but here goes:
> I have a JavaScript file in an includes directory that I want to keep
> private - i.e. I don't want anyone to be able to pull it up in their
> web browser so that they can see the contents of it.  On the other
> hand, I need a certain php script to be able to have access to it.
> All of this is in a shared hosting environment.

A few things:

Completely protecting javascript is impossible, AFAIK.

There are javascript "encoders" that obfuscate it. Google around.

You might serve the javascript out of a PHP script that checks to see if
the referrer is your desired script. Or use mod_rewrite to check the
referrer. These are standard "hot link protection" methods, often used
to prevent reuse of images, javascript or other assets. This however far
from foolproof.  The referrer can be faked, the script read from browser
cache, etc.

If you are concerned about someone reading the source code, using it for
their own purposes or finding out some super secret proprietary business
info then it shouldn't be done client side.  Do it server side.

HTH,
Andrew

-- 
Andrew Yochum
Plexpod
andrew at plexpod.com
718-360-0879



More information about the talk mailing list