JavaScript: NN and IE right-click dissable

[Leb i Sol]

as the topic of the post said....

is there a way to apply a right-click disabeling on NN (mozilla based)AND IE?

NOT just newer versions of browsers...anyone can D/L older version and browse through your code!

so, any of you guys found a nice JS?

my IE contrib:

function disableRightClick(e)

{

  var message = "Right click disabled";

  

  if(!document.rightClickDisabled) // initialize

  {

    if(document.layers) 

    {

      document.captureEvents(Event.MOUSEDOWN);

      document.onmousedown = disableRightClick;

    }

    else document.oncontextmenu = disableRightClick;

    return document.rightClickDisabled = true;

  }

  if(document.layers || (document.getElementById && !document.all))

  {

    if (e.which==2||e.which==3)

    {

      alert(message);

      return false;

    }

  }

  else

  {

    alert(message);

    return false;

  }

}

disableRightClick();

thank you in Advance!

[Anatoli]

 function right(e) {

 if (navigator.appName == 'Netscape' && 

 (e.which == 3 || e.which == 2))

 return false;

 else if (navigator.appName == 'Microsoft Internet Explorer' && 

 (event.button == 2 || event.button == 3)) {

 alert("Right click disabled");

 return false;

 }

 return true;

 }

 document.onmousedown=right;

 document.onmouseup=right;

 if (document.layers) window.captureEvents(Event.MOUSEDOWN);

 if (document.layers) window.captureEvents(Event.MOUSEUP);

 window.onmousedown=right;

 window.onmouseup=right;



  

[Leb i Sol]

great, thanx!

This script does effect IE and NN but what do you for users with other browsers such as Mozilla and Opera etc.?

thank you

[Anatoli]

Some Opera versions are using IE engine, so it will work.

In Czech Republic 99+% used browsers are IE. I never feel I must do something for that exotic 0.01% with something else.

[Leb i Sol]

Oh I must attack you for this one

In Czech Republic 99+% .......ha?! Internet=CZ/CR?

I guess its ok if you limit of IP ranges for CZ only

what about the rest of the world...I get about 10-15 router based attacks-weekly- from China...they can not even understand nor read the pages behind it...but YET some one is "drilling" and if downlading Mozilla build 1 or 2 or x is all they have to do to get the source code/site structure/db ...etc. makes me :??

I guees my follow up question would be :

Q:What is the real danger behind someone knowing the source code=DB,site structure...?

to my knowlede steps to follow/use:

-Web Security DB

-chromeless windows(source,status bar-links,navbar)

-no right click(source code)

-forced frames

-tokes_cookies

but all this still does not convice me that I am "secure"

what is your thought on all this?

[Anatoli]

Did you check the security holes and problems and -raw syntax threads?

FM on web through WebCompanion *and* secure? If you are careful, use everything in your power and all full security protection like ExactSearch, then you are reasonably secured. But I wouldn't trust FM driven website with my CC numbers.

With Lasso -- yes, it is secure as anything else on web. It can be, depending on design 1000% more secure, than FM-WC combo can.

[Leb i Sol]

and -raw syntax threads?

I don't know anything about "-raw" concept...can you explain when u get some time?

[Unable]

I believe the thread is in the CDML Forum.

I believe that "Security" is part of the title.

I believe that Chazboi initiated the thread.

I believe it is quite long but well worth reading.

Maybe I'm a believer.

[Anatoli]

Maybe it is "security hole"

[Leb i Sol]

ok good enough I will look arround...I don't think I did use any -raw syntax if I remember

thank you guys

[Anatoli]

It is not about how you use it.

FM hackers may use it and with XML or -raw query *everything* will be revealed.

There are ways to prohibit that. E.g. in Web Security db set Exact Search.

Or filter somehow out the -Raw and XML syntax, etc.

That thread is The Most Interesting Thread about FM on Web Security problems. Without implementing that, your *everything* is revealed.

[Leb i Sol]

"There are ways to prohibit that. E.g. in Web Security db set Exact Search."

Q:I was wondering what to do if I *need to have search options such :equals,contains,begins....how would I protect from that? }

thanx...

[Anatoli]

I can think of some static value passed via tokens, which will be always included in searches and have "Exact Search".

We developed pretty good filter for cutting of this "hacking" syntax for Windows. Problem is that it filters also the communication between WC and WS Connector, so we disabled that.

FM on web has those holes there for years

[Leb i Sol]

...I guess this is the part when "you will not like FM" comes out.

I have used the token concept much like "session variable"(although its a "drag to drag them arround" and remeber) but that was used for "exact search" on "user-owned-created" records....

the issue kicks in when one has to search all the records...to my knowledge tokens can't help much when "lte" ir "gt" is abs. neccessary.

I don't know much about XML but I know it is a powerfull "trigger" to many XML compatible applications....the most worries I have is the execution of XML on a given IP or DB since FM likes XML....navigation-wise tokens work just fine!

...I feel like my neighboor from the top flor has just flushed "his goods" on me....well if nothing I learned some CDML; protecting it "would" be nice....?!

[Anatoli]

I guess you've got the idea. I was expecting FM would come with something better in v. 5.5 or 6.

But no, it is still clumsy or unsecured or both

The investment in Lasso is worth if you don't have to use 8 bit languages like W-1250.