|
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
缺点:正版成本价格贵(盗版就不说了)、不够安全,大多数服务器用windows系统,没有linux安全dhtmlProtectingYourDHTMLUsingASP
byJean-LucDavid
CATEGORIES:SiteDesign,Scripting
ARTICLETYPE:TutorialReaderComments
ABSTRACT
ArticleRating
Useful
Innovative
Informative
100responses
DynamicHTMLallowsdevelopersanopportunitytocreatepowerfulclientwebapplicationsthatarecross-browsercompliant,interactiveandportable.Unfortunately,whenyoupublishtothewebyourJavaScriptcodeisinsecure.Yourhardworkcanbeviewed,downloadedandcopied.ThisarticlewilldescribeanexperimentalinnovativemethodofsecuringyourDHTMLcodeusingserverauthenticationand"datastreams".Themethodinquestionwillpreventtheenduserfromdirectlyaccessingthesourcecode.
ArticleDiscussionRatethisarticleRelatedLinksIndexEntries
ARTICLE
Abstract:
DynamicHTMLallowsdevelopersanopportunitytocreatepowerfulclientwebapplicationsthatarecross-browsercompliant,interactiveandportable.Unfortunately,whenyoupublishtothewebyourJavaScriptcodeisinsecure.Yourhardworkcanbeviewed,downloadedandcopied.Ifyouaredevelopinge-commerceapplications,yourbusinessrulesandpracticesmaybeexposedtopryingeyes.
TraditionalmeansofprotectingJavaScriptusuallyinvolvescramblingorobfuscatingthecode.Thesemethodsarehighlyineffectualagainstanydeterminedcode-hacker.
ThisarticlewilldescribeanexperimentalinnovativemethodofsecuringyourDHTMLcodeusingserverauthenticationand"datastreams".Themethodinquestionwillpreventtheenduserfromdirectlyaccessingthesourcecode.
Introduction:
DHTMLisfastbecomingthedefactotoolforcreatingpowerful,cross-browserapplicationsontheweb.MicrosofthasralliedbehindthedevelopmentoftheDOM(DocumentObjectModel)andNetscapehaspushedforwardwithitssupportforthelanguagewiththereleaseoftheNetscape6browser.ThepowerofDHTMLisbasedinpartbyitsabilitytoprogrammaticallycontrolanyfourthgenerationbrowserwithouttheneedforadditionalpluginsorexecutables.
Asweallknow,thewebisfundamentallyaninsecuremedium.Allclientbaseddevelopmentcode(HTML,JavaScriptSourceFilesandStyleSheets)typicallydownloadsintotheuserscachewhentheyaccessyourwebapplicationsorwebpages.Theendusercansimplyclickon"ViewSource"toview,analyzeorcopyyourcode.Thisisabasiclimitationthatwehaveallhavetolivewith.Ordowe?
Istronglyfeelthatwebdevelopersshouldbegiventhechoicewhetherornottosharetheirclientbasedcode.Asyourwebapplicationsbecomemorepowerfulandversatile,sodoestheneedtoprotectyourintellectualproperty.EspeciallyifyourapplicationisbusinessorientedoryouvespentmonthsworkingonauniqueorgroundbreakingDHTMLapplication.
Traditionalprotectiontechniques:
MSDNhaspublishedanexcerptofWroxsInstantJavaScriptbookontheirsitethatoutlinesafewoptionsforprotectingyourJavaScript.
http://msdn.microsoft.com/library/partbook/instantj/privacyforscriptwriters.htm
TheprincipalclientJavaScriptcodeprotectionschemescanbedividedintothefollowingcategories:
a)TheMicrosoftApproach:MicrosofthastackledthechallengeofprotectingclientsourcecodewiththereleaseoftheMicrosoftWindowsScriptEngineVersion5.0.Thesourcecodeisencoded(notencrypted)andfilteredthroughanActiveXlayer.
http://msdn.microsoft.com/library/periodic/period99/scriptengine.htm
ThedisadvantageofthisapproachisthattheencodingcanonlybedecipheredwithMicrosoftsInternetExplorer5.0+.Theyreadilyadmitthattheencodingprocessisnotentirelyfoolproof.Ifyouareusinganyotherbrowser(includingearlierreleasesofInternetExplorer),youwillnotbeabletoaccessthescriptthroughthebrowser.
b)CodeObfuscation:S</p>对用户来说可预见费用、节约费用,可以做到花少钱办大事。由于省去了购买软件和硬件等的前期费用,用户可以租用较高级的应用软件。ASP的收费是根据软件的类型、客制化程度、用户数量、服务期限来定的,对客户来说这笔费用是可以预见的。方便于客户应用软件的升级。 |
|
|Archiver|手机版|仓酷云
鄂ICP备14007578号-2
发表于 2015-1-16 23:18:28
收藏
转播
分享
淘帖
顶
踩
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜
楼主