Results 1 to 5 of 5

Thread: web page security....is it worth it?

  1. #1
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027

    web page security....is it worth it?

    I've noticed that people try to keep their html a secret by disabling the view source functionality or encrypting/decrypting the html dynamically.....is it really worth the effort?

    In the end it really isn't very hard to get around this security, and it seems like more work than it is really worth.

    What do you guys think?
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  2. #2
    Senior Member
    Join Date
    Jul 2001
    Posts
    420
    It seems that blocking the view of the source can be avoided by rclick and selecting save target as. I did that once just to see the javaScript that blocked the right click.
    -D
    If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
    -- former White House cybersecurity adviser Richard Clarke

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    151
    it's pretty useless to do that...there is always a way around...the best way is to disable javascript...
    -[h3llbringer] is back, again.
    -MSN CLoNE.

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    130

    true

    Yeah man, ive tried a few tricks, you can disbale the right click, scramble your code ( i did that a few times over with a tool html guard i think) it also places it really far down the note pad if people go to veiw source with a message at the top saying... < Hiddein code...blah blah......ect..ect> then a person could think its vanished....i caught someone out with that...pitty was my page file size was about 60-70 k after all that....and you can still find a tool to decrypt pretty much any of them.....

    if you really wanna do it, id encrypt it then do that 2 more times...if its still small then it will load up fast enough and people trying to decrpyt it will think they need something else....or maybe different types of encryption might work.....but then you can use a website downloader tool to get all the graphics offf the page....


    hmmm

    now i'm lost

    i believe in open source though.....i just wanted teach myself with html tricks n tips..ect
    but nah i dont see the point.....

  5. #5
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    You *cannot* fully encrypt the HTML code because the full, unencrypted code must be sent to the browser in order for the page to be rendered correctly. Any encryption employed must be two-way so it would take a matter of seconds to remove it with the correct tools.

    The JavaScript no-right-click trick is also pointless, in IE all you have to do is go to View->Source and you get the whole source code for the HTML page, including JavaScript etc. Or just save the page to your hard disk, edit it and remove the JS code, and then reload the local page in your browser.

    Why would you want to stop anyone from looking at your HTML code anyway? There's no security reason for doing so (I certainly hope no-one is transmitting sensitive info in their code - because that's an easy way to exploit CGI scripts, shopping carts etc.). Anything you do in your HTML has probably been done already and can be downloaded from some free site.

    Let your visitors learn from your code and they will appreciate you for it. Deny them access and you will annoy the legitimate users without stopping the people who want to copy what you've done.
    Paul Waring - Web site design and development.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •