
Re: I need a little help



On Mon, Mar 17, 2003 at 04:00:43PM -0700, Didier Caamano wrote:
> It's not that I don't want to share or something like that, it's just I have 
> some scripts that need to be part of the web page code but they compromise 
> in some ways the security of the site and the privacy of those who are 
> part/members of the organization.
> 
> As a result, I was wondering how could I hide the code, or the part of the 
> code that I don't want my visitors to see. I see now that there is no way, 
> or at least with apache. But I still need to hide at least those paths for 
> the scripts that could compromise the site.

The problem you're having is thinking that it's anything to /do/ with 
Apache - it's not!

Even if you manage to "hide" the scripts, you're still going to come 
down to a single problem: if the scripts are destined to be run on the 
client - on the user's machine, not your server - then someone /will/ 
get hold of the source to them.

So I'd suggest that the question then becomes "how can I write these 
scripts in a way that they don't compromise the security of the 
site/server/whatever?"

The simple - but totally useless - answer is "don't trust the client."

Why useless?  Well, it doesn't tell you about /how/ to do it, just 
/what/ to do.  That's all I can tell you, but I'm fairly sure it's the 
way you should be going.

Remember - if your scripts can pass back information to your servers 
from the client machine, then anyone malicious can pass back carefully 
crafted data to take advantage of your servers.  You /have/ to assume 
that this will be done so as to make sure that it has as little effect 
as possible!

> By the way, thanks very much to you guys for your answers. Have a nice day.
> Didier.

  jc

[CC'd you because - I don't know why - I just get the feeling 
that perhaps you're not subscribed :-]
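
One way to act on "don't trust the client", shown as an added example that is not part of the original message: a server-side handler that repeats every check itself and ignores anything the page's script claims. The handler name, form field names and sample data are hypothetical.

```python
import re

# Constructed server-side state; a client can never edit these directly.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}   # session token -> user
MEMBERS = {"alice": {"role": "admin"}, "bob": {"role": "member"}}
MEMBER_ID = re.compile(r"[a-z]{1,16}")                # allow-list for ids


def handle_profile_request(form):
    """Handle a hypothetical 'view member profile' request.

    `form` is whatever arrived over the wire. The page's own script may have
    checked it already, but a hand-written request skips the script entirely,
    so every check that matters is repeated here.
    """
    # 1. Identity comes from the server-side session table, not from a
    #    'user' or 'is_admin' field that the client filled in.
    user = SESSIONS.get(str(form.get("session", "")))
    if user is None:
        return 401, "not logged in"

    # 2. Validate the shape against an allow-list before using the value.
    target = form.get("member")
    if not isinstance(target, str) or not MEMBER_ID.fullmatch(target):
        return 400, "bad member id"
    if target not in MEMBERS:
        return 404, "no such member"

    # 3. Authorize from server-side data only.
    if target != user and MEMBERS[user]["role"] != "admin":
        return 403, "forbidden"
    return 200, "profile of " + target
```

Because the decision uses only server-held state, it makes no difference whether visitors can read the client-side script or its paths.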


