Hi Jeff,

That's an interesting idea!  Do you have a code sample to help explain how
to do it?

Thanks!

Shannon O'Donnell


----- Original Message -----
From: "Flaker, Jeff" <JFlaker@xxxxxxx>
To: "Web Enabling the AS400 / iSeries" <web400@xxxxxxxxxxxx>
Sent: Friday, August 01, 2003 7:10 AM
Subject: RE: [WEB400] Hiding HTML Source


> Even if you use external .js and html (I believe that you can use external
HTML much like you can use external .js--correct me if I am wrong) it stores
the .js and .htm(l) in TEMP directory under the named external file.  The
average "User" will not know where to look or how to modify, but someone
with some knowledge may be able to modify the browser settings NOT to
re-download the page and .js.
>
> One security setting you can use is to generate an expiring alpha-numeric
random key(expires after each successful request or after a set time limit)
of random length in the form, (time and date stamp this random key in a
file)....if the key doesn't match the user or is older than specified, then
your cgi should send the user away to a "NOT ALLOWED" page and disregard the
request.  This also prevents bookmarking, corruption of data or a user
playing havoc with the url variables(If they know how to do that..)
>
>
>
> Jeffrey Flaker
> Senior Programmer/Analyst
> Linens 'N Things
> 6 Brighton Rd
> Clifton, NJ  07015
> Phone:   973-249-4384
> Fax:     973-249-4901
> http://www.lnt.com
>
>
> -----Original Message-----
> From: Eric Kempter [mailto:EKempter@xxxxxxxxxxxxxxx]
> Sent: Thursday, July 31, 2003 3:55 PM
> To: Web Enabling the AS400 / iSeries
> Subject: RE: [WEB400] Hiding HTML Source
>
>
> That might work if security has been put in place to prevent a user from
viewing / downloading the .js file.  If you know the URL (path) to the .js
you can view/download it unless security has been put in place to prevent
it.
>
>  -----Original Message-----
> From: Hatzenbeler, Tim [mailto:thatzenbeler@xxxxxxxxxxxxx]
> Sent: Thursday, July 31, 2003 9:31 AM
> To: 'Web Enabling the AS400 / iSeries'
> Subject: RE: [WEB400] Hiding HTML Source
>
> Just an untested thought...
>
> 1st off, if a person writes their own browser to capture the input stream,
> no hiding of code, can be done...  But, within explorer, I have noticed,
> that if you link to an external .js (javascript file) you don't see that
> code... You just see the link...  Maybe you could create your html, in a
JS
> file, using a bunch of writes, and then have your main html link to the
> JS...
>
> Tim
>
>
> > -----Original Message-----
> > From: Shannon O'Donnell [SMTP:sodonnell@xxxxxxxxxxxxxxx]
> > Sent: Thursday, July 31, 2003 9:22 AM
> > To: Web Enabling the AS400 / iSeries
> > Subject: [WEB400] Hiding HTML Source
> >
> > Hi,
> >
> > Just a thought that occurred to me in passing....
> >
> > I've seen IIS based Web Servers that send a web page with an embedded
> > ActiveX object in it and this ActiveX object actually pushes the
"current"
> > HTML code out to the browser in such a way that there is no way for the
> > user to view the HTML source.
> >
> > I always thought that this was kind of cool and a great way to hide HTML
> > code.
> >
> > But I wonder, short of using ActiveX, if there is any "native" (i.e.,
from
> > the AS/400) method of sending out HTML to the browser, but in such as
way
> > that it is not viewable by the end user.
> >
> > I know that you could write some JavaScript to prevent right-clicking
and
> > viewing source, but JavaScript can be disabled.
> >
> > Anyway...this isn't mission critical, but I was just wondering if anyone
> > had any thoughts/ideas on how to achieve that effect from the AS/400.
> >
> > Thanks!
> >
> > Shannon O'Donnell
> >
> > _______________________________________________
> > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> > To post a message email: WEB400@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo/web400
> > or email: WEB400-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/web400.
> This e-mail message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain confidential or privileged
> information.  Any unauthorized review, use, disclosure or distribution is
> prohibited.  If you are not the intended recipient, please contact the
> sender by reply e-mail and destroy the message.
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
>
>
>
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
>
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/web400
> or email: WEB400-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
>
>



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.