Re: I need a little help
On Mon, Mar 17, 2003 at 04:00:43PM -0700, Didier Caamano wrote:
> Is not that I don't want to share or soimething like that, is just I have
> some scripts that need to be part of the web page code but they compromise
> in some ways the security of the site and the privacy of those who are
> part/members of the organization.
>
> As a result, I was wondering how could I hide the code, or the part of the
> code that I don't want my visitors to see. I see now that there is no way,
> or at least with apache. But I still need to hide at least those path for
> the scripts that could compromise the site.
The problem you're having is thinking that it's anything to /do/ with
Apache - it's not!
Even if you manage to "hide" the scripts, you're still going to come
down to a single problem: if the scripts are destined to be run on the
client - on the user's machine, not your server - then someone /will/
get hold of the source to them.
So I'd suggest that the question then becomes "how can I write these
scripts in a way that they don't compromise the security of the
site/server/whatever?"
The simple - but totally useless - answer is "don't trust the client."
Why useless? Well, it doesn't tell you about /how/ to do it, just
/what/ to do. That's all I can tell you, but I'm fairly sure it's the
way you should be going.
Remember - if your scripts can pass back information to your servers
from the client machine, then anyone malicious can pass back carefully
crafted data to take advantage of your servers. You /have/ to assume
that this will be done so as to make sure that it has as little affect
as possible!
> By the way, thank very much to you guys for your answers. Have a nice day.
> Didier.
jc
[CC'd you because - I don't know why - I just get the feeling
that perhaps you're not subscribed :-]
Reply to: