The recommended configuration is to keep scripts and data
files outside the web tree, which will make it impossible for them to
be downloaded to a browser. Even if scripts are in a
web-accessible folder, you can protect your fxp and data files by
mapping their extensions to deny.exe. For details on how to
secure your server against this type of attack, please refer to the
Securing your Server topic of the FoxWeb documentation (
http://www.foxweb.com/document/SecureServer.htm).
FoxWeb Support Team
support@foxweb.com email |
Sent by Jim on 01/29/2005 04:02:19 PM:
Hello all
Since FoxPro programs can be decompiled at the drop of a hat and
since some clever so-n-so can rig his browser to download the scripts,
I was wondering if the following technique would work.
Setup:
- All code which I don't want downloaded is called as functions/procedures from other scripts that I don't care about
- The no-download scripts are in a directory not residing on the web server (mapped share or similar)
- The web server is locked down to keep browsers from "wandering" outside of the programmed web-root folder
- The FoxPro path is set up to include the location of the no-download scripts.
Then, even if someone were able to "trick" their browser to download
the script in its raw form, it wouldn't help them since the really
useful code is in another file which is called by the script they just
downloaded. Though they would possibly have the file's name, they
would have no way of querying the FoxPro path to find it, right?
Is there something obvious that I'm missing?
-Jim
"The
true measure of a career is to be able to be content, even proud that
you succeeded through your own endeavors without leaving a trail of
casualties in your wake." - Allen Greenspan