On Mon, Mar 17, 2003 at 04:00:43PM -0700, Didier Caamano wrote: > Is not that I don't want to share or soimething like that, is just I have > some scripts that need to be part of the web page code but they compromise > in some ways the security of the site and the privacy of those who are > part/members of the organization. > > As a result, I was wondering how could I hide the code, or the part of the > code that I don't want my visitors to see. I see now that there is no way, > or at least with apache. But I still need to hide at least those path for > the scripts that could compromise the site.
The problem you're having is thinking that it's anything to /do/ with Apache - it's not! Even if you manage to "hide" the scripts, you're still going to come down to a single problem: if the scripts are destined to be run on the client - on the user's machine, not your server - then someone /will/ get hold of the source to them. So I'd suggest that the question then becomes "how can I write these scripts in a way that they don't compromise the security of the site/server/whatever?" The simple - but totally useless - answer is "don't trust the client." Why useless? Well, it doesn't tell you about /how/ to do it, just /what/ to do. That's all I can tell you, but I'm fairly sure it's the way you should be going. Remember - if your scripts can pass back information to your servers from the client machine, then anyone malicious can pass back carefully crafted data to take advantage of your servers. You /have/ to assume that this will be done so as to make sure that it has as little affect as possible! > By the way, thank very much to you guys for your answers. Have a nice day. > Didier. jc [CC'd you because - I don't know why - I just get the feeling that perhaps you're not subscribed :-] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
