View Complete Thread | FoxWeb Forum Home
Search:
Date:    Msg ID:   
From:    Thread:   
Subject:   
 The recommended configuration is to keep scripts and data files outside the web tree, which will make it impossible for them to be downloaded to a browser.  Even if scripts are in a web-accessible folder, you can protect your fxp and data files by mapping their extensions to deny.exe.  For details on how to secure your server against this type of attack, please refer to the Securing your Server topic of the FoxWeb documentation (http://www.foxweb.com/document/SecureServer.htm).

FoxWeb Support Team
support@foxweb.com email

Sent by Jim on 01/29/2005 04:02:19 PM:
Hello all
 
Since FoxPro programs can be decompiled at the drop of a hat and since some clever so-n-so can rig his browser to download the scripts, I was wondering if the following technique would work.
 
Setup:
  1. All code which I don't want downloaded is called as functions/procedures from other scripts that I don't care about
  2. The no-download scripts are in a directory not residing on the web server (mapped share or similar)
  3. The web server is locked down to keep browsers from "wandering" outside of the programmed web-root folder
  4. The FoxPro path is set up to include the location of the no-download scripts.

Then, even if someone were able to "trick" their browser to download the script in its raw form, it wouldn't help them since the really useful code is in another file which is called by the script they just downloaded.  Though they would possibly have the file's name, they would have no way of querying the FoxPro path to find it, right? 

Is there something obvious that I'm missing?

-Jim


"The true measure of a career is to be able to be content, even proud that you succeeded through your own endeavors without leaving a trail of casualties in your wake."  - Allen Greenspan