Glen B wrote:

attempt to (?)

unless they know to look in the temp internet folder for the .js file.
Is there a better way to hide it than this? Like - you can't put js
functions in an invisible frame can you? They have to be put up top,
where everyone can see them, or in a file include where people can dig
them out - don't they? We tried to hide *all* of our source by running
things in our own "bare" window (no "View" tab) and disabling
right-click, but that only worked for some browsers. Seems a bit of a
challenge to hide code securely on the web. I don't mind that really.
The stuff that *really* matters is the stuff on the application server.
Incidentally - this brings me to something else I've been meaning to
mention: I would *strongly* recommend that, whatever validation you do
on the client - with javascript or whatever, and on the web-server -
with PHP or whatever, you really *must* validate it all again on the
DBMS.

Mike.

Hi Mike,

Or just view source and pull the js directly into the browser via the
url field.

This reminds me of the discussions on the photography forums about
keeping people from downloading your photos. There really isn't a way.
It can be made more difficult (breaking picture into bits, 'encrypting'
js source, etc.) but if you want people to see the photos or execute
the js code, they can download the pics or see the code.

That was what I alluded to in another thread about javaScript's 'guts
hanging out' in the browser.

And I am still sort of on the fence about even doing heavy validation
in the browser. AJAX takes away my complaints about needing to load
those huge libraries on every call because you can load them in the
body once then use them everywhere but still ... as you say, you are
going to end up doing some validation on the server anyway.
-Tom