 |
|
8000XXXX Errors Alerts ASP.NET 2.0
Classic ASP 1.0 COM / ActiveX Components Forms General Topics Date/Time Routines Email Scripts & Info Files/Directories & FSO Databases General Concepts Search Engine Optimization (SEO)Search
ASP FAQ Tutorials :: Classic ASP 1.0 :: General Topics :: How do I protect my client-side JavaScript code?
How do I protect my client-side JavaScript code?
This has been asked thousands of times over the past few years. Everyone wants to know how they can prevent nosy people from viewing or stealing their JavaScript. I have always responded with:
"If my browser can read it, so can I."
"If you don't want people to steal your JavaScript, don't put it on the web."
I have also often thought the following:
"If your Javascript is so revolutionary, you should probably be able to figure this out too."
"And if someone does steal your script, consider it a compliment."
In the past, many people have suggested ways to slow people down, and discourage casual, non-persistent people. But there has never been a way to stop anyone with a little more resourcefulness than your average house fly. <G>
Some of the solutions that have been offered in the past, and their workarounds:
Other legitimate ways to view JavaScript sent to the browser is by using packet sniffing technology,
Here is a funny excerpt from a post by Jeff Cochran, back in 1997:
UPDATE October 30, 2001
After many attempts at hiding my JavaScript code, I was thwarted every single time - by people using tactics ranging from intuitive to downright clever.
Once again, I have to tell you... if you need to hide your JavaScript code, you probably shouldn't put it on the web.
"If my browser can read it, so can I."
"If you don't want people to steal your JavaScript, don't put it on the web."
I have also often thought the following:
"If your Javascript is so revolutionary, you should probably be able to figure this out too."
"And if someone does steal your script, consider it a compliment."
In the past, many people have suggested ways to slow people down, and discourage casual, non-persistent people. But there has never been a way to stop anyone with a little more resourcefulness than your average house fly. <G>
Some of the solutions that have been offered in the past, and their workarounds:
| Proposed fix | Workaround(s) |
|---|---|
| Load the JS in a new window, with toolbar disabled | - view source by right-clicking within the window |
| Disable right-click by capturing oncontextmenu | - disable Javascript temporarily - use a browser that doesn't support oncontextmenu - load 'view-source:<url>' |
| Use JavaScript across frames, iframes, ilayers | - not difficult to find the proper page |
| Use JavaScript to write JavaScript | - disable JavaScript temporarily |
| 'Hide' the script using a remote JS file | - the .js file is in your cache |
| Encode the script using an encoder | - Microsoft's encoder was broken easily; perhaps you can write a better one |
| Obfuscate with unSpace or similar tools | - all this does is obfuscate, it doesn't make it hard to copy at all |
| All of the above | - a resourceful person will still be able to see your script, even if you employed all of the above at once |
Other legitimate ways to view JavaScript sent to the browser is by using packet sniffing technology,
Here is a funny excerpt from a post by Jeff Cochran, back in 1997:
Put the source on a floppy disk and bury it in a mason jar in your back yard. Make sure you delete all references to it from your system. To be extra sure, bury it blindfolded at night so you can't remember where it is in case foreign spies try to beat the location out of you.Of course, you could write it as a Java Applet to make it tougher to figure out, but then, if you knew how to do that you'd probably also be able to write something really worth protecting...
Jeff
PS: The mason jar trick works well to protect your .GIF files from being downloaded too...
UPDATE October 30, 2001
After many attempts at hiding my JavaScript code, I was thwarted every single time - by people using tactics ranging from intuitive to downright clever.
Once again, I have to tell you... if you need to hide your JavaScript code, you probably shouldn't put it on the web.
Related Articles
Can I bypass the ten connection limitation in Workstation / Professional? Can I compact / repair an Access database from ASP code? Can I create an array's size dynamically? Can I detect the presence of ActiveX controls, like Flash, from ASP? Can I dictate the load order of files on the client from ASP? Can I have optional parameters to my subs / functions? Can I host multiple sites in 2000 Workstation or XP Professional (e.g. PWS)? Can I mimic trim / ltrim / rtrim in JScript? Can I perform simple encryption / decryption in ASP? Can I run IIS 5.0 / ASP 3.0 on Windows NT 4.0 or Windows 9x? Can I run IIS on Windows Millennium or Windows XP Home? Can I use IP address to uniquely identify visitors? Does order matter when using different languages in ASP? How can I give them a better 404 message? How can I stop Photoshop from opening ASP files? How can I track when my site is added to a user's favorites? How do I access all active sessions on the server? How do I access my server's registry from an ASP page? How do I change a list into a set of table rows and columns? How do I change document names / extensions in IIS / PWS? How do I change the default server scripting language in InterDev? How do I cloak / hide URL and QueryString information? How do I comment blocks of ASP code? How do I control access to an area? How do I control printing from ASP? How do I convert a name to proper case? How do I convert exchange rates in ASP? How do I convert from Hex to Int and back? How do I convert numbers into words? How do I convert old IDC / HTX pages to ASP? How do I count the number of current users / sessions? How do I count the number of times x occurs in string y? How do I create a database from ASP? How do I create my own blog? How do I deal with disappearing application variables? How do I decode an encoded URL? How do I detect ENABLED cookies / javascript? How do I detect the browser's encryption level / cipher strength? How do I determine which version of IIS / ASP I'm running? How do I disable the back/forward buttons? How do I display the Euro symbol (€) in my ASP pages? How do I embed a TAB character into source code? How do I embed apostrophes (') and quotes (") in an HTML string? How do I embed ASP delimiters (<% or %>) in a string? How do I estimate the total size of my web page? How do I execute a DOS command / batch file / exe from ASP? How do I execute a ping command from ASP, and retrieve the results? How do I find out the amount of space left on my server? How do I fix the ::$DATA bug? How do I FTP files from ASP? How do I generate a treeview from ASP? How do I generate unique GUIDs from ASP? How do I get all the UBound() values in a multi-dimensional array? How do I get IntelliSense to see ASP 3.0 methods? How do I get my visitors' login name / username? How do I get screen resolution from ASP? How do I get the computer name / IP address of the server? How do I get the server's timezone information? How do I get the user's IP address or browser information? How do I highlight words in a string? How do I host multiple web sites on one IIS box? How do I increase timeout values? How do I iterate through session variables? How do I know which version of VBScript my server is running? How do I log / track ASP errors on my web site? How do I make hyperlinks out of plain text URLs and e-mail addresses? How do I make JavaScript send values to ASP? How do I make my ASP page pause or 'sleep'? How do I make my ASP page refresh? How do I make my ASP pages more efficient? How do I make search engines index pages with QueryStrings? How do I make sure an entered string contains only valid characters? How do I make sure my ASP question gets answered? How do I make sure my servers have the same time? How do I make sure people go to page x before page y? How do I make sure the client is still connected before processing? How do I make Visual InterDev's debugging features work? How do I manage a session across multiple windows? How do I pad digits with leading zeros? How do I parse / analyze IIS Logs? How do I parse the domain name out of a URL? How do I parse the file name out of a path or URL? How do I perform a Whois / DNS lookup from ASP? How do I persist session state without cookies / session variables? How do I prevent 'Invalid use of Null' errors? How do I prevent my ASP pages from caching? How do I prevent people from printing my ASP page? How do I print the first n characters of a large block of text? How do I prompt a "Save As" dialog for an accepted mime type? How do I protect my ASP code? How do I protect my images and other visual content? How do I put my ASP application onto a CD-Rom? How do I read the contents of a remote web page? How do I read the event log from ASP? How do I redirect an http:// request to https://? How do I refresh global.asa without restarting the application? How do I round a number *properly* with VBScript? How do I run ASP on other web servers besides IIS? How do I schedule ASP files? How do I send a MsgBox or InputBox from ASP? How do I set session variables from client-side script? How do I show a "Please Wait..." message? How do I solve 'Event ID 5' errors? How do I solve 'The Requested Resource is in Use' errors? How do I solve 'The server failed to load the application' errors? How do I solve 'The specified procedure could not be found' errors? How do I solve ASP 0115 errors? How do I specify ByRef / ByVal in VBScript? How do I stress test my ASP application? How do I time my ASP code? How do I turn a KB Article #, like Q191987, into a usable URL? How do I use ASP to [...] How do I use extensions other than .ASP for ASP files? How do I warn people when their session is about to expire? How do I zip / unzip files from ASP? I called Session.Abandon, why are my session variables still there? I have plenty of RAM, why do I get an 'Out of memory' error? Is there an easier way to patch my server(s)? Should I use ADOVBS.inc for declaring constants? Should I use sessionID to uniquely identify users? Should I use the .inc extension for my include files? Should I use VBScript or JScript for ASP? What do I do when IIS 5.0 will not start? What do I need to know about Response.Redirect? What is Event ID 36, and how can I get IIS running again? What is this 'Cannot detect OS type' error with NT 4.0 Option Pack? What is this error 'An unhandled data type was encountered'? What is wrong with IsNumeric()? What is wrong with Request.ServerVariables("HTTP_REFERER")? What is wrong with Session_OnEnd()? What kind of object is Response.Crackers? What's the deal with IIS 5.0 and ASP 3.0? When I run a page in my browser, why does the ASP code not execute? Where can I find out about .NET? Where can I find out about running Perl in IIS? Where can I host ASP pages for free (or at least cheap)? Where do I get IIS / ASP? Where else can I learn about ASP? Which editor should I use for developing ASP applications? Which is better, rs(0) or rs("column_name")? Why am I getting 'subscript out of range' errors? Why am I having problems installing Visual Studio.NET RTM? Why am I having problems with Server.Execute and/or Server.Transfer? Why are people telling me to fix my clock / timezone? Why can't I browse localhost without an Internet connection? Why can't I grab custom headers from Request.ServerVariables()? Why can't I pass querystring information AND links to #bookmarks? Why can't I turn buffering off using Response.Buffer? Why can't I use #EXEC or #ECHO in an ASP page? Why do I get 'BOF or EOF' errors? Why do I get 'HTTP 500-12 Application Restarting' errors? Why do I get 'HTTP/1.0 Invalid Application Name' errors? Why do I get 'Invalid Default Script Language' errors? Why do I get 'Name redefined' errors? Why do I get 'Object doesn't support this property or method' errors? Why do I get 'The RPC Server is Unavailable' messages? Why do I get 'Type Mismatch' when using the Session object? Why do I get 8000FFFF / 8002802B errors? Why do I get 80010105 errors? Why do I get 80010108 errors? Why do I get 80020003 errors? Why do I get 80020005 errors? Why do I get 80020009 errors? Why do I get 8002000E errors? Why do I get 80029c84 errors? Why do I get 8004E00F errors? Why do I get 80070034 / 80070035 errors? Why do I get 80070056 errors? Why do I get 80070057 errors? Why do I get 80090016 errors? Why do I get 800A01C2 errors? Why do I get 800A01C9 errors? Why do I get 800A01CA errors? Why do I get 800A01F4 errors? Why do I get 800A01F9 errors? Why do I get 800A03EC errors? Why do I get 800A03ED / 800A03EE errors? Why do I get 800A03F6 errors? Why do I get 800A0401 errors? Why do I get 800A0408 errors? Why do I get 800A0414 errors? Why do I get 800A138F errors? Why do I get a 500 Internal Server error for all ASP errors? Why do I get an 'overflow' error using CInt? Why do I get an error about a 'Smart HTML interpreter'? Why do I get ASP 0101 errors? Why do I get ASP 0113 / Script timed out errors? Why do I get ASP 0130 / ASP 0131 errors? Why do I get ASP 0138 errors? Why do I get ASP 0158 errors? Why do I get errors in the 800A0001 -> 800A000F range? Why do I get errors in the 800A0030 -> 800A003A range? Why do I get errors in the 800A03F1 -> 800A03FF range? Why do I get errors in the 800A0400 -> 800A041F range? Why do I get errors when trying to redirect? Why do I get HTTP/1.1 400 Bad Request errors? Why do I get non-database-related 80004005 errors? Why do I get script errors on one machine but not another? Why do I get the error Object Required: ''? Why do my session / application variables disappear? Why does 3.2 + 1.5 = 4.7000000000000002? Why does 4 / 5 = 0? Why does global.asa not fire? Why does GUID not work correctly with response.write? Why does IIS hang and/or stop serving ASP pages? Why does my page render (properly) in IE and not in Netscape? Why does RecordCount return as -1? Why does REMOTE_HOST return an IP address instead of a name address? Why does session.abandon not take effect right away? Why is Netscape slow in IIS 5.0? Why won't my ASP pages work in IIS 6.0? Why won't my session variables stick? Why won't QueryString values work with Server.Execute / Server.Transfer? Why won't Windows search ASP files? DllHost.Exe