Numeric CHMOD for .js files

Hello!

At present, my .js files are also within the public_html directory.
Anyone is able to type the name of these files in their browser
address bar and then be presented the javascript (or text) code.

What numeric CHMOD should be applied to these, which: Permit
the world and group to execute the commands contained in
the files, but Disallows display of the actual code contained
within the script to the world and group?

711 assuming that the owner should have read, write, and execute permission. However, this will probably not work. A script is "executed" by an interpreter. The interpreter cannot execute scripts which it cannot read. 711 should work on a true program which can be directly executed by a CPU though.

That makes sense. As Javascript is run on the client side on users' browsers, it MUST be publicly accessible and so this is the expected behaviour. On HTTP a .js file is just served in exactly the same way by the Web server as an HTML file or a PDF file. Javascript files are NEVER executed on the server so the file permissions are irrelevant. The file will be served correctly provided Apache can have read permission to the file.

What is the point of writing Javascript that cannot be accessed by clients?

But hey, you can't run Javascript with the shell (if you know an interpreter that does, tell me)!! And as I said, unlike server-side languages such as Perl that can act as CGI programs, that will be executed by the Web server and just serve the generated output without divulging the sources, Javascript files are served verbatim as static resources and so either you let clients get it, or you don't. You can't have a Javascript that only executes but not readable, because the HTTP protocol is open. Even if browsers do not have a "view source" function, there are still so many ways to get the source. For instance, by a packet sniffer and everything must be there. You can't hide anything.

Javascript can only be obfuscated with difficult-to-read-variable-names and reducing the entire script into a one-liner with some unusual structure. This is already the utmost one can do to Javascript if he wants to make it hard for people wishing to hack or steal the sources, but still, that obfuscated code is available for access publicly, otherwise the browser will never be able to get the source to run it!

I am pretty sure your concepts have been screwed.
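An added example, not part of the thread: a small shell audit that applies the point made in the answers above, that a .js file only needs to be readable by the web server and gains nothing from execute bits. It assumes the server account falls under "other" for these files and that GNU `stat` is available; the function names and sample file names are made up for the illustration.

```shell
#!/bin/sh
# Added example: audit numeric modes of static .js files under a web root.
# Assumption: the web server account is neither owner nor group of the files,
# so the last ("other") digit decides whether it can read and serve them.

# classify_static_mode MODE -> prints one verdict for an octal mode like 711.
classify_static_mode() {
    cm_mode=$(( 0$1 ))                      # leading 0 = octal constant
    if [ $(( cm_mode & 4 )) -eq 0 ]; then
        echo unreadable                     # 711: server cannot read the file
    elif [ $(( cm_mode & 2 )) -ne 0 ]; then
        echo world-writable                 # 666: any local user can edit it
    elif [ $(( cm_mode & 0111 )) -ne 0 ]; then
        echo needless-exec                  # 755: x bits not needed to serve .js
    else
        echo ok                             # 644: readable, nothing extra
    fi
}

# audit_webroot_js DIR -> "MODE VERDICT PATH" per .js file, sorted by path.
# Uses GNU stat (-c '%a'); paths containing newlines are not supported.
audit_webroot_js() {
    find "$1" -type f -name '*.js' | LC_ALL=C sort | while IFS= read -r aw_f; do
        aw_mode=$(stat -c '%a' "$aw_f")
        echo "$aw_mode $(classify_static_mode "$aw_mode") ${aw_f#"$1"/}"
    done
}

# demo_audit builds a constructed sample tree and audits it.
demo_audit() {
    da_dir=$(mktemp -d) || return 1
    for da_spec in 644:app.js 711:locked.js 666:shared.js 755:run.js; do
        : > "$da_dir/${da_spec#*:}"
        chmod "${da_spec%%:*}" "$da_dir/${da_spec#*:}"
    done
    audit_webroot_js "$da_dir"
    rm -rf "$da_dir"
}
```

Run `demo_audit` to see the verdicts on the constructed files, or `audit_webroot_js /path/to/public_html` against a real directory.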

Thank you both for the clarification,
and way more thanks for the
in-depth explanation.

Line upon line ...

Thank you.