|
Even if you use external .js and html (I believe that you can use external HTML much like you can use external .js--correct me if I am wrong) it stores the .js and .htm(l) in TEMP directory under the named external file. The average "User" will not know where to look or how to modify, but someone with some knowledge may be able to modify the browser settings NOT to re-download the page and .js. One security setting you can use is to generate an expiring alpha-numeric random key(expires after each successful request or after a set time limit) of random length in the form, (time and date stamp this random key in a file)....if the key doesn't match the user or is older than specified, then your cgi should send the user away to a "NOT ALLOWED" page and disregard the request. This also prevents bookmarking, corruption of data or a user playing havoc with the url variables(If they know how to do that..) Jeffrey Flaker Senior Programmer/Analyst Linens 'N Things 6 Brighton Rd Clifton, NJ 07015 Phone: 973-249-4384 Fax: 973-249-4901 http://www.lnt.com -----Original Message----- From: Eric Kempter [mailto:EKempter@xxxxxxxxxxxxxxx] Sent: Thursday, July 31, 2003 3:55 PM To: Web Enabling the AS400 / iSeries Subject: RE: [WEB400] Hiding HTML Source That might work if security has been put in place to prevent a user from viewing / downloading the .js file. If you know the URL (path) to the .js you can view/download it unless security has been put in place to prevent it. -----Original Message----- From: Hatzenbeler, Tim [mailto:thatzenbeler@xxxxxxxxxxxxx] Sent: Thursday, July 31, 2003 9:31 AM To: 'Web Enabling the AS400 / iSeries' Subject: RE: [WEB400] Hiding HTML Source Just an untested thought... 1st off, if a person writes their own browser to capture the input stream, no hiding of code, can be done... But, within explorer, I have noticed, that if you link to an external .js (javascript file) you don't see that code... You just see the link... Maybe you could create your html, in a JS file, using a bunch of writes, and then have your main html link to the JS... Tim > -----Original Message----- > From: Shannon O'Donnell [SMTP:sodonnell@xxxxxxxxxxxxxxx] > Sent: Thursday, July 31, 2003 9:22 AM > To: Web Enabling the AS400 / iSeries > Subject: [WEB400] Hiding HTML Source > > Hi, > > Just a thought that occurred to me in passing.... > > I've seen IIS based Web Servers that send a web page with an embedded > ActiveX object in it and this ActiveX object actually pushes the "current" > HTML code out to the browser in such a way that there is no way for the > user to view the HTML source. > > I always thought that this was kind of cool and a great way to hide HTML > code. > > But I wonder, short of using ActiveX, if there is any "native" (i.e., from > the AS/400) method of sending out HTML to the browser, but in such as way > that it is not viewable by the end user. > > I know that you could write some JavaScript to prevent right-clicking and > viewing source, but JavaScript can be disabled. > > Anyway...this isn't mission critical, but I was just wondering if anyone > had any thoughts/ideas on how to achieve that effect from the AS/400. > > Thanks! > > Shannon O'Donnell > > _______________________________________________ > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list > To post a message email: WEB400@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/web400 > or email: WEB400-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/web400. This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy the message. _______________________________________________ This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400. _______________________________________________ This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.