The recommended configuration is to keep scripts and data files outside the web tree, which will make it impossible for them to be downloaded to a browser. Even if scripts are in a web-accessible folder, you can protect your fxp and data files by mapping their extensions to deny.exe. For details on how to secure your server against this type of attack, please refer to the Securing your Server topic of the FoxWeb documentation (http://www.foxweb.com/document/SecureServer.htm).
Sent by Jim on 01/29/2005 04:02:19 PM:
Since FoxPro programs can be decompiled at the drop of a hat and since some clever so-n-so can rig his browser to download the scripts, I was wondering if the following technique would work.
Then, even if someone were able to "trick" their browser to download the script in its raw form, it wouldn't help them since the really useful code is in another file which is called by the script they just downloaded. Though they would possibly have the file's name, they would have no way of querying the FoxPro path to find it, right?
Is there something obvious that I'm missing?
true measure of a career is to be able to be content, even proud that
you succeeded through your own endeavors without leaving a trail of
casualties in your wake."