What is the recommended method to protect the applet_ftp.js file from being viewed from a direct http query?
After setting up the demo, I went to http://mysite.tld/jupload/applet_ftp.js and pulled up the parameters plain as day.
Yes I know that ftp is an insecure protocol and there are ways to hack most anything but I'm hoping to remove the low hanging fruit from the script kiddies.
security bug? the .js files needs protection.Re: security bug? the .js files needs protection.You could obfuscate the JavaScript with a tool like:
http://www.javascriptobfuscator.com/default.aspx But what do you want really protect? FTP login/password? Then see: http://www.jfileupload.com/products/jfi ... aq.html#36 |
