-
August 25th, 2003, 01:53 PM
#1
Junior Member
HTML quesion
Is there anyway to fully protect others from seeing your source code?
You can make the person do more work getting to it but can you fully stop someone from viewing the page.
Just wondering
C:\\DOS
C:\\DOS\\RUN
RUN\\DOS\\RUN
-
August 25th, 2003, 02:04 PM
#2
No.
You have to let the viewer download the html to their web browser in order for their computer to display the page. Once it's on their computer, you don't actually have any control over what they do with it. You can use tricks to make certain web browsers hesitant to display the source, but the viewer can always use a different program to get the page, such as telnet/wget/curl/netcat.
-
August 25th, 2003, 02:43 PM
#3
Well, if you do the entire page in php or asp, then they don't see the source, but there is no way to do it with html.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
August 25th, 2003, 03:04 PM
#4
I did some research and this is what I could come up with. Hope it helps :
"There are ways to make it more difficult for your visitors to read your source code. Here are some of them:
(1) Adding dozens of carriage returns at the top of your HTML page
This one has fooled me a couple of times. All you see is a lot of blank space - but just keep scrolling down and you'll find the source code.
(2) Using frames
When you try to view the source code of a page using this technique, all you see is the first ten or fifteen lines of HTML. But just save the page to a folder on your hard disk and then look for a sub-folder where the images in that page were saved to.
In the sub-folder you'll find an HTML file that contains the source code you were looking for. Again, this won't fool experienced users, but it's worth a shot. Here is the code:
http://www.ezine-writer.com/framescode.html.
(3) Disabling Right Click
This is an old trick and experienced surfers know how to get around it. Here it is anyway - a script that disables Right Click:
http://www.ezine-writer.com/rightclick.html
(4) Disabling View Source
I searched high and low for a script that disables 'View Source' in the browser menu bar, and couldn't find one.
Here is a script that is supposed to disable 'View Source' - I tried it out in my browser (IE 6.0) and it didn't work, so perhaps it only works in older versions of IE:
http://www.ezine-writer.com/no-source-code.html
(5) Encryption plus frames
This is a technique that will work on all but the most experienced web surfers. Here is the code for doing it:
http://www.ezine-writer.com/hidesource.html
I've created a copy of my index page using the above technique - if you click on View Source, all you see is a jumble of characters:
http://www.ezine-writer.com/encrypted.htm"
by: Michael Southon
-
August 25th, 2003, 03:15 PM
#5
dead links
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
-
August 25th, 2003, 03:49 PM
#6
sorry bout the dead links...i just checked myself ....well at least u get the idea so u mite search on google for those scripts.
/edit; THis works for netscape 6.0 but not IE 5.5,
<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title> New Document </title>
<script language="JavaScript">
window.menubar.visible=false;
function disableMenu(){
window.menubar.visible=false;
}
function enableMenu(){
window.menubar.visible=true;
}
</script>
</head>
<body bgcolor="#FFFFFF">
<script language="JavaScript">
document.oncontextmenu = function(){return false}
if(document.layers) {
window.captureEvents(Event.MOUSEDOWN);
window.onmousedown = function(e){
if(e.target==document)return false;
}
}
else {
document.onmousedown = function(){return false}
}
</script>
<form name=frm>
<input type=button name=btn value="Hide menubar" oclick='disableMenu()'/>
<input type=button name=btn value="Show menubar" oclick='enableMenu()'/>
</form>
</body>
</html>
Add this: <BODY oncontextmenu="return false"> to body for IE 5.5 to prevent right click.
Here's a few more codes i googled around that could work:
<SCRIPT language=JavaScript1.1>
<!-- Begin
function right(e) { if (navigator.appName == 'Netscape' && (e.which == 3 || e.which == 2)) return false; else if (navigator.appName == 'Microsoft Internet Explorer' && (event.button == 2 || event.button == 3)) { alert("This function disabled"); return false; } return true; } document.onmousedown=right; if (document.layers) window.captureEvents(Event.MOUSEDOWN); window.onmousedown=right;
// End -->
</SCRIPT>
OR
<script language=JavaScript>
<!--
//Disable right mouse click Script
var message="Function Disabled!";
///////////////////////////////////
function clickIE4(){
if (event.button==2){
alert(message);
return false;
}
}
function clickNS4(e){
if (document.layers||document.getElementById&&!document.all){
if (e.which==2||e.which==3){
alert(message);
return false;
}
}
}
if (document.layers){
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown=clickNS4;
}
else if (document.all&&!document.getElementById){
document.onmousedown=clickIE4;
}
document.oncontextmenu=new Function("alert(message);return false")
// -->
</script>
Haven't tested them so not sure if they're gonna work or not....good luck
-
August 25th, 2003, 05:09 PM
#7
The answer is no....period. The browser has to be able to read the html for the end user to view anything. This means that any encoding method you use will be able to be decoded. Any client side scripting can be removed or turned off.
Server side scripting solutions only keep the end user from seeing the server side script. They won't see your asp, jsp, or php (unless your code sucks) but they will see any client side script and html.
Carriage returns will not hide it, they will just make the users scroll down.
Frames will not hide it, they will just force the user to view source on the appropriate frame.
The only possible way I could think of is if you displayed all your content through an activex control or java applet that is in a very simple html page. It is still possible for the end user to de-construct the applet/control...but it is a bit harder (but still not all that hard since there is software out on the net to do just that).
Anyone who tells you that you can keep your html secret is blowing smoke up your...
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
August 25th, 2003, 05:21 PM
#8
I agree with juridian, there is NO way so far that you can keep people from viewing your source. All you can do is just make it harder for them to see using some of the mentioned methods.
you can encrypt the source code though. Download a free trial version here: http://www.share2.com/htmlencr/ and you could buy the full version if u must not show the source code to any1
-
August 26th, 2003, 10:11 PM
#9
Cybr1d, WebProtector is pure snake oil. It took me 15 minutes to break their encryption, and I was doing other stuff at the time. The problem is that they're delivering your encrypted web page, and the JavaScript to decrypt it. You can just manually use their handily-supplied JS to decrypt the HTML source on your own.
Again, it makes it less convenient to look at somebody else's code, but it's not very different from putting blank lines at the top of the file or adding JS to disable the right-click menu (as long as you're using IE).
edit
BTW, here's their sooooper-secret "decryption" code. A lookup table, wow. Whee! Am I a DMCA violator now?
Code:
function a(s) {
t="<euHVqn3lYBJ5s#vC%X7j,~'_]$T[Z+gF4`Sf^p2r/9)NL@=U.z6:IaP (md*8A?x&hRM;>}{G-Wwo1Oycbi!DKQ|0tkE";
o=new String;
l=s.length;
for (i=0;i<l;i++) {
n=t.indexOf(s.charAt(i));
if(n==1) {
o+=s.charAt(i);
continue
}
if(n==0) {
o+=String.fromCharCode(10);
continue
}
if(n==1) {
o+=String.fromCharCode(13);
continue
}
if(n>1) {
o+=String.fromCharCode(n+30)
}
}
document.write(o)
}
-
August 27th, 2003, 09:47 AM
#10
Junior Member
Stegnography
Is there anyone who know how to decrypt a message who is hidden in a text on a html page. The message is exactly like a know article, in this case Einsteins Incompleteness Argument.
Best regards
Haag
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|