programming-examples/asp/Components/Protect your Client Side Script with ASP.asp

73 lines
3.1 KiB
Plaintext
Raw Normal View History

2019-11-18 14:25:58 +01:00
' Name: Protect your Client Side Script
' with ASP v1.1
' Description:This code will allow you t
' o use ASP to check that the request for
' your JavaScript and VBScript is a "real"
' request or just someone trying to steal
' your code. If the request.servervariable
' s("HTTP_REFERER") returns a page from yo
' ur site then your return the JavaScript
' if request.servervariables("HTTP_REFERER
' ") doesn't return a page from your site
' you return an appropriate response of yo
' ur own.
' Inputs:This is the basic idea laid out
' for you to examine. You will still have
' to do a little work to integrate it in t
' o your site but it isn't much more than
' copy and paste.
The Input Request.ServerVariables("HTTP_REFERER") which Is automatically sent by the browser.
'
' Returns:Will return the JavaScript or
' VBScript if appropriate, if not a messag
' e to the user.
'
' Side Effects:It doesn't seem to work o
' n Netscape without setting up IIS to par
' se .js files like it does .asp. The user
' can still open the file from the user's
' cache unless you include:
<%
Response.Expires = 60
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
At the top of the protected JavaScript file. This Is stop the browser from saving a Local copy of the file.
'
Use the line below In place of your normal JavaScript include line.
<SCRIPT src="testcjs.asp" language="JavaScript" Type="text/javascript"></SCRIPT>
Use the code below In place of your normal JavaScript .JS file. It must be saved As a .ASP file Or it will Not work. Actually, you can Set IIS server To read .js files just like it does .asp files. This Is a good idea To hide your protection scheme For any users who are trying bypass it. Then you could save it As a .js file.
If you Do this a lot more people will be stumped.
Of course you could just As easily protect your vbscript With the technique too.
<%
' This is to force file to open save as
' dialog box and not open in user's browse
' r
' It would be even safer to have it as "
' badtype/badtype" instead of "text/javasc
' ript"
Response.ContentType = "text/javascript"
' Set the line below to the page that wi
' ll be granted acess to the file
' You could change the test to allow all
' pages on your site access, etc.
If (Request.ServerVariables("HTTP_REFERER") = "http://www.mysite.com/myfolder/mypage.asp") Then
%>
/* This Is where you put the real JavaScript that you want To run */
document.write(" ACCESS GRANTED @ <%=time%> <BR/>");
document.write(" request.servervariables("HTTP_REFERER") = "<%=Request.ServerVariables("HTTP_REFERER")%>"");
<%
Else
%>
/* This Is where you put the message you want users To see In place of your real JavaScript */
/* I wouldn't use the bottom line since it will give away your protection scheme and help */
/* users find a way To break it */
No soup For you.
Request.ServerVariables("HTTP_REFERER") = "<%=request.servervariables("HTTP_REFERER")%>"
<%
End If
%>