Apache / Windows - File Security

Not sure if this is an apache issue or a windows issue (or both?).

I've got dedicated-virtual hosting, (which means a static IP and
remote session into a win2003 enterprise edition).

What im wondering is this,

Can I restrict my JS files so they can't be viewed by clients, but can
be executed by apache.

I was able to restrict files with apache so users couldn't access them
(403 forbidden) but then the files couldn't be used at all :(

Am I trying to do the impossible here or can I restrict the viewing of
files but still allow them to be accessed by my web pages?

If you need more detail I can fill you in on what i've tried so far
and what my setup is.

On 25 Feb, 04:58, drewmania...@gmail.com wrote:
> Not sure if this is an apache issue or a windows issue (or both?).
>
> I've got dedicated-virtual hosting, (which means a static IP and
> remote session into a win2003 enterprise edition).
>
> What im wondering is this,
>
> Can I restrict my JS files so they can't be viewed by clients, but can
> be executed by apache.
>
> I was able to restrict files with apache so users couldn't access them
> (403 forbidden) but then the files couldn't be used at all :(
>
> Am I trying to do the impossible here or can I restrict the viewing of
> files but still allow them to be accessed by my web pages?
>
> If you need more detail I can fill you in on what i've tried so far
> and what my setup is.

All you can do is minimise them, or obfuscate them, both techniques
are considered rude, if the primary focus is to stop them from being
human readable.
This kind of "secretive" attitude contributes to javascript haivng a
bad name.
If you intend code to execute in the bowsers of your clients, the
least you can do is make the scripts open, ethical and human readable,
especially since you probably got the code (the BEST code is always
open) from a 3rd party who in the true spirit of the internet released
it as the fruit of their labours to a grateful web developing public.
Most people who attempt to hide source, have something to hide. It
doesn't endear you to your customers.

> All you can do is minimise them, or obfuscate them,

Thanks, I thought that was my only option, but just wanted to see if
there were any other ways.

> both techniques
> are considered rude, if the primary focus is to stop them from being
> human readable.

> If you intend code to execute in the bowsers of your clients, the
> least you can do is make the scripts open, ethical and human readable,

Thanks for that as well, the plan is to release a commercial app,
which will be closed source, but will have API's available

> especially since you probably got the code (the BEST code is always
> open) from a 3rd party who in the true spirit of the internet released

While 3rd party code is used, the protection will be for the js code
that was written from scratch

> Most people who attempt to hide source, have something to hide. It
> doesn't endear you to your customers.

Nothing to hide :) Just lots of hard work to keep personal, and can't
see any need to make every bit of it available (at least not from the
outset)

On 26 Feb, 06:27, drewmania...@gmail.com wrote:
> > All you can do is minimise them, or obfuscate them,
>
> Thanks, I thought that was my only option, but just wanted to see if
> there were any other ways.
>
> > both techniques
> > are considered rude, if the primary focus is to stop them from being
> > human readable.
> > If you intend code to execute in the bowsers of your clients, the
> > least you can do is make the scripts open, ethical and human readable,
>
> Thanks for that as well, the plan is to release a commercial app,
> which will be closed source, but will have API's available
>
> > especially since you probably got the code (the BEST code is always
> > open) from a 3rd party who in the true spirit of the internet released
>
> While 3rd party code is used, the protection will be for the js code
> that was written from scratch
>
> > Most people who attempt to hide source, have something to hide. It
> > doesn't endear you to your customers.
>
> Nothing to hide :) Just lots of hard work to keep personal, and can't
> see any need to make every bit of it available (at least not from the
> outset)

Yes that is the feeling we all have, but just like the activewidgets
guys you can use licensing to actually help you develop. You can have
a large helpful user base to tell you when they spot errors, some of
whom will ask their boss if their biz can pay for your great code. So
keeping an eye out for useful parts of your code which you could
release would be a fantastic way to help your project get noticed;
there is a downside though to using (opensource) 3rd party code, if
the license say it cannot be included in a close source app, if you
get found out using it, they too have recourse to the full force of
the law. Minimising and obfuscating it doesn't work, as the code gets
crunched when it is interpreted, and the patterns will out!
Incidentally the best kind of human obfuscation I have ever come
across was when all the function names were called by bizarre nouns
like cheese elephant, stretch and so on, obviously using a simple swop
out algo, but it bamboozles all but the most disciplined brain I
should think! certainly mine. The feeling you get left with isn't one
of sour grapes so much as slight mirth.