security, jsp, ajax, how to hide the URL or the javascript.js in web container

Discussion in 'Java' started by John_Woo, Nov 7, 2006.

  1. John_Woo

    John_Woo Guest

    Hi,

    We are going to apply AJAX and Struts in a web app. One thing we have
    to be concerned about is the security issue.

    Let's say we put the javascript.js in a folder where the JSP can load it, and
    then specify the URL in the JavaScript; but the user can view the JSP via the
    web browser's view source function, thus he/she can load the JavaScript
    file as well, namely there is no way to hide the URL inside the JavaScript.

    Does anyone have an idea on this?

    --
    Thanks lots
    John
    Toronto
    John_Woo, Nov 7, 2006
    #1

  2. Chris Uppal

    Chris Uppal Guest

    John_Woo wrote:

    > Let's say we put the javascript.js in a folder where the JSP can load it, and
    > then specify the URL in the JavaScript; but the user can view the JSP via the
    > web browser's view source function, thus he/she can load the JavaScript
    > file as well, namely there is no way to hide the URL inside the JavaScript.
    >
    > Does anyone have an idea on this?


    Yes. Don't even think about trying to prevent people reading your client-side
    JavaScript. It is intrinsically open, and if your application's security
    depends to the slightest extent on the users not being able to see, read, or
    manipulate that (or anything else sent between browser and server) then your
    application is /VERY SERIOUSLY/ broken. (In the sense of "sack the designer
    instantly for gross professional negligence").

    Of course, you may only want to hide this stuff to stop users being /tempted/
    to meddle (even though they wouldn't be able to break anything important if
    they did try it). If so then that's perfectly reasonable -- but I can't tell
    you how to do it. Indeed, I doubt if it is possible -- if the user has enough
    smarts to meddle in the first place, then they'll quite probably have configured
    their browser to ignore anything you can do to make it difficult.

    -- chris
    Chris Uppal, Nov 7, 2006
    #2
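
The point made in the reply above, shown as an added example that is not part of the original thread: the server checks every AJAX request itself, so a user who reads the URL out of javascript.js gains nothing. It assumes the `javax.servlet` API of the web container, a filter mapping of `/ajax/*` in web.xml, session attributes named `userId` and `accountId`, and a request parameter named `accountId`; all of these names are hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Added example: guards every AJAX endpoint on the server, so it does not
 * matter that the URL is readable in javascript.js.
 * Assumed names: the "/ajax/*" mapping in web.xml, the session attributes
 * "userId" and "accountId", and the "accountId" request parameter.
 */
public class AjaxAuthFilter implements Filter {

    public void init(FilterConfig config) {}

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // 1. Authentication: without an existing logged-in session, return no data.
        HttpSession session = request.getSession(false); // never create one here
        if (session == null || session.getAttribute("userId") == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // 2. Authorization: ignore what the client script claims and compare
        //    the requested record with what the server bound to this session.
        String requested = request.getParameter("accountId");
        Object owned = session.getAttribute("accountId");
        if (requested == null || owned == null || !requested.equals(owned.toString())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // 3. Only now does the Struts action behind the URL run.
        chain.doFilter(request, response);
    }
}
```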