Is there any way to keep the includes folder from prying eyes?

No. It's Javascript. It has to be downloaded to the user's browser in order to work. Once there, it can be examined.

The best you can do is to use an "obfuscater". This will rewrite the Javascript so that it is hard to read. (Using random variable names, all run together on one line, etc.) All that will really do is make it difficult for somebody else to make modifications to your code, though.

BTW, the title of this post is misleading. This is *not* an "SSI folder". SSI is SERVER-side include. Something completely different from browser-side Javascript. (SSI isn't even usually code, but simply static content that is sucked-into a page.)

Thanks for the reply. And sorry about the misuse of the term SSI.

I'll have to do a search for "javascript obfuscator."

Now, not to burst your bubble... but...

I'd be extremely wary to take you up on your free tools. ESPECIALLY if they are obfuscated.

The negatives:

- Giving away your site statistics - at least for those pages that load the tools

- Potential for cross-site-scripting attacks. In particular, there's no way I'd link to an obfuscated script on another site or download one.

There's even more potential danger if you DOWNLOAD an obfuscated script and install on your own site. At least when the script is on another site, you have the browser's cross-site-scripting protections. (The problem with cross-site scripting occurs when the browser protections are broken or incomplete - which has occurred many times.)

Not every webmaster is going to have the time or skills to examine every script that they use. A prudent course is to stick to popular scripts downloaded directly from the maker of the script or well-known download sites. At least these scripts have most likely been examined and poked-at by curious webmasters and security experts, and any problems will be uncovered and reported in the technical press.

Not accusing you of shenanigans. Just alerting you to why savvy webmasters may be reluctant to take advantage of the offer.

Thanks, jtara. I looked into obfuscated scripts, and they won't do what I want them to do, which is to keep unscrupulous webmasters from just copying my tool scripts.

So, I guess I'll just have to rely on the goodwill of the majority of webmasters to do the right thing.

The only thing you can really do if you really want to protect your algo or code is to use ajax and do most of the processing server side.

Maybe I got the whole discussion wrong, but as far as I can see, the question was on how to hide the content of the folder:

Is there any way to keep the includes folder from prying eyes? My site is on a VPS server, so I really don't know how to set up a directory a level up from the public directory.

Besides all the Javascript files you have in your includes folder, also place an index.html file into it, so that calls to that directory don't reveal the filenames of its content but the index file, which could either be blank or contain a note that users should subscribe to your list first.