disable file saving?
Results 1 to 8 of 8

Thread: disable file saving?

  1. #1
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407

    disable file saving?

    After browsing around this site posted by an admin here: http://scifi.pages.at/hackits/
    I started testing some things on my web server. Here is what I was trying to do in javascript. I wrote a small simple function that sets a variable as the password, and prompts the user for input and checks the users input against that password. I saved it as a .js file and had it load on a certain page on my server. What I was trying to do was disable a person being able to obtain the .js file. What I did to try and do this was first put in a directory protected by a .htaccess file. The problem with this is you have to know a username and password just to get to the password prompt. Then I tried making a directory called scripts on the server. This directory had permissions rwx--x--x. Then the file was in that directory with permissions rwxr--r--. I thought this would not allow someone to save this file by making a link to it. Then I tested it by making a link to the .js file and I right clicked and did save as and I was able to save the .js file. My question is how do I get it to where people are unable o obtain the .js file which clearly states the password. I tried making the permissions on it rwx--x--x but it wouldn't even run like that. I know some of you will say why not just use the .htaccess file on all directories you want restricted? The answer is that I don't want any directories restricted, I just want users to not be able to obtain the .js file. Can this be done?

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    What about using a language that is parsed before it's presented to the user? like php? (I'm just tossing it out as a suggestion as I don't know what your limitations are)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I have php installed on the server. I just want to know if it is possible to deny access of someone saving a file to their harddrive. I think the answer is no under this condition, because for the script to run it has to have enough permission for someone to be able to save it. This was just me experimenting. If you want to see what I am talking about go here: http://24.243.64.239/number7.htm
    All you would have to do to get past that password prompt is right click on the link above and do save target as. Then look at the source to see where it is loading the script from in this case it is:
    http://24.243.64.239/scripts/pass.js
    Then make a link to that and right click and do save target as. And there you have it. Just open the .js file in a text editor and you're in. I just want to disable the user being able to right click on the second link and save the file. I don't think it can be done. Someone please prove me wrong.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    What about disabling the right click option? (I thought there was a javascript code snippet that used to be used to prevent picture "scarfing")?

    http://www.learnxpress.com/modules/c...isable_rc.aspx

    http://www.jsr.communitech.net/disrtclick.htm


    http://websiteowner.info/articles/et...rightclick.asp <-- gives reasons why NOT to disable right click
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    That wouldn't work because then all they would have to do is know the location of the file, the make their own html page with a link to it and they could right click to their little hearts content. I don't think what I am trying to do is possible. I was just experimenting around. Thanks for the replies.

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    You *CANNOT* stop people being able to read the contents of your .js file. It is simply not possible.

    Even if the web browser had a way of preventing it, the user could still use a different tool, different web browser, or just sniff the js off the wire as it comes in (did I mention they could fish it out of their browser's disc cache?)

    The permissions on the file are on the server, and won't affect the file once it's downloaded. Having the server file unwriteable is a good idea, but won't stop the users.

    Using HTTP authentication is the way to go. You won't need to write any Javascript code, any login page etc, just protect the directory, and feel reasonably sure that nobody will be able to get in.

    Slarty

  7. #7
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    I don't believe it is possible to lock a .js file without taking the permission of actually 'using' the file away.

    [idea]

    If you have the ability for Pearl or some other server side languages simple do what Msmittens stated. If you do not have the ability Hotscipts has FREE downloadable scipts with many such password protect scripts.

    [/idea]


    Sorry for the rambling need to get to class peace!


    Adiz

  8. #8
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Thanks for the replies gals/guys. That's pretty much what I thought. Just wanted to confirm.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •