May 21st, 2002, 10:41 PM
web page security....is it worth it?
I've noticed that people try to keep their html a secret by disabling the view source functionality or encrypting/decrypting the html dynamically.....is it really worth the effort?
In the end it really isn't very hard to get around this security, and it seems like more work than it is really worth.
What do you guys think?
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
May 21st, 2002, 11:13 PM
If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
May 23rd, 2002, 11:04 PM
May 24th, 2002, 01:23 AM
Yeah man, ive tried a few tricks, you can disbale the right click, scramble your code ( i did that a few times over with a tool html guard i think) it also places it really far down the note pad if people go to veiw source with a message at the top saying... < Hiddein code...blah blah......ect..ect> then a person could think its vanished....i caught someone out with that...pitty was my page file size was about 60-70 k after all that....and you can still find a tool to decrypt pretty much any of them.....
if you really wanna do it, id encrypt it then do that 2 more times...if its still small then it will load up fast enough and people trying to decrpyt it will think they need something else....or maybe different types of encryption might work.....but then you can use a website downloader tool to get all the graphics offf the page....
now i'm lost
i believe in open source though.....i just wanted teach myself with html tricks n tips..ect
but nah i dont see the point.....
May 24th, 2002, 02:15 PM
You *cannot* fully encrypt the HTML code because the full, unencrypted code must be sent to the browser in order for the page to be rendered correctly. Any encryption employed must be two-way so it would take a matter of seconds to remove it with the correct tools.
Why would you want to stop anyone from looking at your HTML code anyway? There's no security reason for doing so (I certainly hope no-one is transmitting sensitive info in their code - because that's an easy way to exploit CGI scripts, shopping carts etc.). Anything you do in your HTML has probably been done already and can be downloaded from some free site.
Let your visitors learn from your code and they will appreciate you for it. Deny them access and you will annoy the legitimate users without stopping the people who want to copy what you've done.