hide page source and disable right click
this url shows how to hide source code and disable right click on the page. The reason I'm posting this topic is that I just want to make sure it really works the way I think it works. right now it only works with IE just because I didn't spend extra time for it and that's why I posted this topic. Please do anything possible to view the source of the page which generates HTML and tell me how you did it...
http://www.frozendev.com/temp/protect/default.asp
thank you
dave
http://www.frozendev.com/temp/protect/default.asp
thank you
dave
Hi davidlars99,
there are three files...
1) default_asp
2) main
3) cencel
Now let us see their source....
1) default_asp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<!-- saved from url=(0049)http://www.frozendev.com/temp/protect/default.asp -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META http-equiv=PRAGMA content=NO-CACHE>
<SCRIPT language=Javascript>
function load_(){
window.frames[0].location=
}
</SCRIPT>
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD><FRA
rows=100%,0,0 frameBorder=0 onload=load_()><FRAME name=content
src="default_asp_files/mai
scrolling=no><FRAME name=helper src="default_asp_files/cen
scrolling=no></FRAMESET></
2) main
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0046)http://www.frozendev.com/temp/protect/main.asp -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META http-equiv=PRAGMA content=NO-CACHE>
<SCRIPT language=Javascript>
function add_(html){
document.body.innerHTML=ht
window.parent.helper.locat
}
function load(){
window.parent.loader.locat
}
</SCRIPT>
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY oncontextmenu="return false"
style="COLOR: #555555; BACKGROUND-COLOR: #000000" onload=load()></BODY></HTM
3) cencel
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0048)http://www.frozendev.com/temp/protect/cencel.asp -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META http-equiv=PRAGMA content=NO-CACHE>
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY></BODY></HTML>
Regards,
---Pinal
there are three files...
1) default_asp
2) main
3) cencel
Now let us see their source....
1) default_asp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<!-- saved from url=(0049)http://www.frozendev.com/temp/protect/default.asp -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META http-equiv=PRAGMA content=NO-CACHE>
<SCRIPT language=Javascript>
function load_(){
window.frames[0].location=
}
</SCRIPT>
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD><FRA
rows=100%,0,0 frameBorder=0 onload=load_()><FRAME name=content
src="default_asp_files/mai
scrolling=no><FRAME name=helper src="default_asp_files/cen
scrolling=no></FRAMESET></
2) main
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0046)http://www.frozendev.com/temp/protect/main.asp -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META http-equiv=PRAGMA content=NO-CACHE>
<SCRIPT language=Javascript>
function add_(html){
document.body.innerHTML=ht
window.parent.helper.locat
}
function load(){
window.parent.loader.locat
}
</SCRIPT>
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY oncontextmenu="return false"
style="COLOR: #555555; BACKGROUND-COLOR: #000000" onload=load()></BODY></HTM
3) cencel
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0048)http://www.frozendev.com/temp/protect/cencel.asp -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META http-equiv=PRAGMA content=NO-CACHE>
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY></BODY></HTML>
Regards,
---Pinal
In Firefox I can see the HTML using the "View HTML" menu option.
Hi davidlars99,
well, no body can hide page source in any condition. Period.
Just save that page in your disk and open in text editor.
Regards,
---Pinal
well, no body can hide page source in any condition. Period.
Just save that page in your disk and open in text editor.
Regards,
---Pinal
Hi davidlars99,
oncontextmenu="return false" will disable the right click.which the examples have used.
for more example of this go to
http://lab.artlung.com/scripting/oncontextmenu/
Regards,
---Pinal
oncontextmenu="return false" will disable the right click.which the examples have used.
for more example of this go to
http://lab.artlung.com/scripting/oncontextmenu/
Regards,
---Pinal
ASKER
pinaldave thank you for taking time in experimenting, but there is anoher file named loader.asp which generates the source and still remains hidden. have you tryied that yet?
Hi davidlars99,
that is server side and that is generating all the other files. Server side files can never be seen and they are also not considered as file like view source.
We can only see client side things which is known as view source file like html, javascript, css .
we can not see .jsp, .asp, .cfm or .php or other client side files.
Regards,
---Pinal
that is server side and that is generating all the other files. Server side files can never be seen and they are also not considered as file like view source.
We can only see client side things which is known as view source file like html, javascript, css .
we can not see .jsp, .asp, .cfm or .php or other client side files.
Regards,
---Pinal
ASKER
DaveyEss, have you tryied to view the source of loader.asp which actualy generates HTML and puts the source in main.asp?
Hi davidlars99,
sorry for being repeatative but nobody can see what is written in loader.asp... this is true with all there languages and all the sites which you surf during the day.
Regards,
---Pinal
sorry for being repeatative but nobody can see what is written in loader.asp... this is true with all there languages and all the sites which you surf during the day.
Regards,
---Pinal
Hi davidlars99,
also we are not able to see the what is written in cencel.asp we are looking into the cencel.htm which is generated from that file. we can not see .asp source from our client side browser only the person who wrote the file have access to those files.
Same way, much of hte code in our EE is written in .jsp only thing which we are able to see is .htm .
I hope this will clear the doubts.
Regards,
---Pinal
also we are not able to see the what is written in cencel.asp we are looking into the cencel.htm which is generated from that file. we can not see .asp source from our client side browser only the person who wrote the file have access to those files.
Same way, much of hte code in our EE is written in .jsp only thing which we are able to see is .htm .
I hope this will clear the doubts.
Regards,
---Pinal
No, I could not see what was in loader.asp As the asp file is executed server side to produce html, there should be no way that I can see the actual asp page.
ASKER
would you do or use something similar to what I've done to prevent users from viewing the source code?
all I'm trying to make sure is that, there are many developers who have questions about hiding the source and I just came up with some kind of stupid solution, I also understand that it will not work if javascript is disabled and if browser doesn't support frames. All I'm asking is would you do it if you wanted to hide the source despite all the things that might go wrong using this method...?
all I'm trying to make sure is that, there are many developers who have questions about hiding the source and I just came up with some kind of stupid solution, I also understand that it will not work if javascript is disabled and if browser doesn't support frames. All I'm asking is would you do it if you wanted to hide the source despite all the things that might go wrong using this method...?
If your system is configured correctly, there should be no way for people to view the asp source code. Many websites run this way.
You can't reliably hide the html, but the code that generated it should be hidden.
You can't reliably hide the html, but the code that generated it should be hidden.
Hi davidlars99,
Hiding HTML NOT POSSIBLE.
Hiding ASP or any server side code Possible all the time, and that people do.
Again hiding the html code is IMPOSSIBLE my friend,
Regards,
---Pinal
Hiding HTML NOT POSSIBLE.
Hiding ASP or any server side code Possible all the time, and that people do.
Again hiding the html code is IMPOSSIBLE my friend,
Regards,
---Pinal
ASKER
thank you for replying guys..
that's what I'm saying it's possible. as far as I know when ASP generates HTML you can only see HTML not ASP
so if it's not possible how did I hide the source? source which produces the following view like this...
cat eyes image at the top
WARNING!
HTML SOURCE CODE IS PROTECTED!
Anyway, you are welcome to break it...
Good Luck!
with this method I can hide any amount of source code I want.
that's what I'm saying it's possible. as far as I know when ASP generates HTML you can only see HTML not ASP
so if it's not possible how did I hide the source? source which produces the following view like this...
cat eyes image at the top
WARNING!
HTML SOURCE CODE IS PROTECTED!
Anyway, you are welcome to break it...
Good Luck!
with this method I can hide any amount of source code I want.
Hello,
is not this the concept behind server side language. This is universal. I assume that every programmer knows this.
Well, if you consider that as hiding source, then I accept as you can hide the source.
Regards,
---Pinal
is not this the concept behind server side language. This is universal. I assume that every programmer knows this.
Well, if you consider that as hiding source, then I accept as you can hide the source.
Regards,
---Pinal
ASKER
the code behind server side language is this, but there's no way of seeing it as far as I think and that's why asked...
I didn't say nobody knows it I just asked would you consider something like this as the Lame method or you'd consider it as something that might help in some ways?
I appraciate all you feedback Pinal and DaveyEss
default.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function load_(){
window.frames[0].location=
}
</script>
</head>
<%
session("frames")="OK"
%>
<frameset rows="100%,0,0" frameborder="0" onload="load_()">
<frame src="about:blank" name="content">
<frame src="about:blank" name="loader" scrolling="no">
<frame src="about:blank" name="helper" scrolling="no">
</frameset>
</html>
--------------------------
main.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function add_(html){
document.body.innerHTML=ht
window.parent.helper.locat
}
function load(){
window.parent.loader.locat
}
</script>
</head>
<body onload="load()" style="background-color:#0
</body>
</html>
--------------------------
cencel.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
response.write("<html>")
response.write("<head>")
response.write("<META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>")
response.write("</head>")
response.write("<body>")
session("frames")=null
response.write("</body>")
response.write("</html>")
%>
--------------------------
loader.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
response.write("<html><hea
set oBrowser = Server.CreateObject("MSWC.
if oBrowser.JavaScript=True then
if session("frames")="OK" then
response.write("<script language=Javascript>if(win
response.write("var html=" & "'" & "<br><br<br><br><center><t
response.write("html+=" & "'" & "<br><br><h1 style=font-family:impact>W
response.write("try{top.co
session("frames")=null
else
response.write("<h2>The page source is protected, you cannot see it!</h2")
end if
end if
response.write("</body></h
%>
--------------------------
cheers!
dave
I didn't say nobody knows it I just asked would you consider something like this as the Lame method or you'd consider it as something that might help in some ways?
I appraciate all you feedback Pinal and DaveyEss
default.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function load_(){
window.frames[0].location=
}
</script>
</head>
<%
session("frames")="OK"
%>
<frameset rows="100%,0,0" frameborder="0" onload="load_()">
<frame src="about:blank" name="content">
<frame src="about:blank" name="loader" scrolling="no">
<frame src="about:blank" name="helper" scrolling="no">
</frameset>
</html>
--------------------------
main.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function add_(html){
document.body.innerHTML=ht
window.parent.helper.locat
}
function load(){
window.parent.loader.locat
}
</script>
</head>
<body onload="load()" style="background-color:#0
</body>
</html>
--------------------------
cencel.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
response.write("<html>")
response.write("<head>")
response.write("<META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>")
response.write("</head>")
response.write("<body>")
session("frames")=null
response.write("</body>")
response.write("</html>")
%>
--------------------------
loader.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
response.write("<html><hea
set oBrowser = Server.CreateObject("MSWC.
if oBrowser.JavaScript=True then
if session("frames")="OK" then
response.write("<script language=Javascript>if(win
response.write("var html=" & "'" & "<br><br<br><br><center><t
response.write("html+=" & "'" & "<br><br><h1 style=font-family:impact>W
response.write("try{top.co
session("frames")=null
else
response.write("<h2>The page source is protected, you cannot see it!</h2")
end if
end if
response.write("</body></h
%>
--------------------------
cheers!
dave
Hi davidlars99,
dude, well in the sense you have asked the question. I will use this method to protect my code for sure. I like it!!! Seriously, it is not that easy to brake into it. btw, I already have bookmarked this q. so I can refer it in future. This was very interesting. I may use this method to protect my code, if needed. Smiles,
Regards,
---Pinal
dude, well in the sense you have asked the question. I will use this method to protect my code for sure. I like it!!! Seriously, it is not that easy to brake into it. btw, I already have bookmarked this q. so I can refer it in future. This was very interesting. I may use this method to protect my code, if needed. Smiles,
Regards,
---Pinal
ASKER
you say it is not that easy to brake into it, let me ask you one question is it possible at all?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The ASP Source code is protected on the server and only the resultant HTML code is displayed on the browser. So when you say you want to protect your ASP Source code, you already are. If you want to protect the resultant HTML code than it is next to impossible to protect it from any given situation. What works in IE does not always work in Mozilla, Firefox, and Opera. Even using Javascript can be easily disabled in any browser.
So, to answer your questions:
Can you protect ASP source code? Yes, it is stored on the server
Can you protect HTML code? Yes under very limited conditions, but there is no magic bullet that works everywhere.
So, to answer your questions:
Can you protect ASP source code? Yes, it is stored on the server
Can you protect HTML code? Yes under very limited conditions, but there is no magic bullet that works everywhere.
ASKER
yes pinal you are absolutly right I'm not expecting anybody to discuss hot to get into the server, which is not that easy I would say imposible for 99 developers out of 100 or something about that. plus it will result in several trials in court and maybe imprisionment up to several years in prison.
thank you very much pinal for you honest feedback I just have to wait for what other experts have to say about this issue and let me assure you you got the points...
cheers!
dave
thank you very much pinal for you honest feedback I just have to wait for what other experts have to say about this issue and let me assure you you got the points...
cheers!
dave
Hi davidlars99,
thanks man. I knew from the beginning that you will apriciate honest answer then sugercotted words. I am ColdFusion guy and MS in Computer Security. So have spend so much time in all this. Have a good day buddy!
Regards,
---Pinal
thanks man. I knew from the beginning that you will apriciate honest answer then sugercotted words. I am ColdFusion guy and MS in Computer Security. So have spend so much time in all this. Have a good day buddy!
Regards,
---Pinal
ASKER
hi KerryG, I can make it work in any browser If I want to and try to, but not yet I just want to see what others think about this issue
thank you
thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok go ahead and do all you can and show me the HTML source which generates content on main page
thank you
thank you
<center>
<table id="table1">
<tr>
<td vAlign="center" align="middle">
<img src="http://www.frozendev.com/temp/protect/eyes.gif"></td>
</tr>
</table>
<br>
<br>
<h1 style="FONT-FAMILY: impact">WARNING!<br>
<br>
HTML SOURCE CODE IS PROTECTED!<br>
Anyway, you are welcome to break it...<br>
<br>
<font size="6">Good Luck!</font></h1>
</center>
<table id="table1">
<tr>
<td vAlign="center" align="middle">
<img src="http://www.frozendev.com/temp/protect/eyes.gif"></td>
</tr>
</table>
<br>
<br>
<h1 style="FONT-FAMILY: impact">WARNING!<br>
<br>
HTML SOURCE CODE IS PROTECTED!<br>
Anyway, you are welcome to break it...<br>
<br>
<font size="6">Good Luck!</font></h1>
</center>
ASKER
Fairco, I will make that directory and all files in that directory password protected would you still be able to do it with downloader?
Hi davidlars99,
in that case browser will be not able to reach there. if browser can see it one can get it.
Regards,
---Pinal
in that case browser will be not able to reach there. if browser can see it one can get it.
Regards,
---Pinal
A downloader program would need to know the login/password.
ASKER
KerryG, I'm not using "" double quotes in my original source
<BR><BR<BR><BR>
<CENTER>
<TABLE>
<TBODY>
<TR>
<TD vAlign=center align=middle><IMG src="http://www.frozendev.com/temp/protect/eyes.gif"></TD></TR></TBODY><
<H1 style="FONT-FAMILY: impact">WARNING!<BR><BR>HT
javascript:document.write(
easy. I've gone through all this **** before. I have code that comes -really- close to being impossible to get, but with the javascript above (well something slightly different), it's still very easy. it is -IMPOSSIBLE- to hide your source code. If nothing else you can get a packet sniffer.
e-mail me if you want the code: <email removed>
<CENTER>
<TABLE>
<TBODY>
<TR>
<TD vAlign=center align=middle><IMG src="http://www.frozendev.com/temp/protect/eyes.gif"></TD></TR></TBODY><
<H1 style="FONT-FAMILY: impact">WARNING!<BR><BR>HT
javascript:document.write(
easy. I've gone through all this **** before. I have code that comes -really- close to being impossible to get, but with the javascript above (well something slightly different), it's still very easy. it is -IMPOSSIBLE- to hide your source code. If nothing else you can get a packet sniffer.
e-mail me if you want the code: <email removed>
If that's the only thing that occured during translation I would say I proved my point quite well. Since the page doesn't even display in browsers other than IE you are simply trading some minor security for a total lack of compatibility.
davidlars99, yes, Teleport pro supports HTTP basic authentication.
cwolves, please put a thread into Support requesting that your email address be removed. Posting your email within the thread is one of the "Big Mistakes" in the EE Guidelines. Please see: https://www.experts-exchange.com/Web/help.jsp#hi99 to view this section of the Guidelines.
Also, to comment on this thread - there is no way to completely block someone from viewing your code, or stealing your images, or ripping your layout. If you dont want anyone to get it, dont post it. Its as easy as that. If you care so much about code theft, dont post to the web, but otherwise, people will find a way to rip your stuff.
Also, to comment on this thread - there is no way to completely block someone from viewing your code, or stealing your images, or ripping your layout. If you dont want anyone to get it, dont post it. Its as easy as that. If you care so much about code theft, dont post to the web, but otherwise, people will find a way to rip your stuff.
ASKER
flow79, personaly I don't care who will view my source code I was just trying to come close to the issue despite the fact that I knew it was impossible
thank you for you opinion
thank you for you opinion
By the way, if we are at the topic...
If you want to see a real lame protection, see this page: http://www.mailmontage.com/index_test.html
Interesting idea, but requires 5 or less minute to write a decrypter script. Not to mention thousands of other methods....
But what makes one's stomach to turn out is that they are asking for money to get the crypter program! See this page for details: http://www.hypergurl.com/htmlProtector.html
What do you buy when you purchase the crypto software? Not security, that's for sure.
If you want to see a real lame protection, see this page: http://www.mailmontage.com/index_test.html
Interesting idea, but requires 5 or less minute to write a decrypter script. Not to mention thousands of other methods....
But what makes one's stomach to turn out is that they are asking for money to get the crypter program! See this page for details: http://www.hypergurl.com/htmlProtector.html
What do you buy when you purchase the crypto software? Not security, that's for sure.
this thread makes me wonder whether you know the difference between source code and HTML "source"
Just because the words are the same, doesn't mean they are the same thing.
Source Code is what generates the web page. This can only be executed, not read. When it is executed, it generates the HTML that the browser downloads and the user can read with "view source".
The code (included files, asp files, whatever) can be requested by the user if they know where to look - but without permissions set to download them, all they can do is ask the server to execute them.
Mike
Just because the words are the same, doesn't mean they are the same thing.
Source Code is what generates the web page. This can only be executed, not read. When it is executed, it generates the HTML that the browser downloads and the user can read with "view source".
The code (included files, asp files, whatever) can be requested by the user if they know where to look - but without permissions set to download them, all they can do is ask the server to execute them.
Mike
There are all kinds of swindleware sites around the net. You have managed to duplicate what a some of them try to sell to the gullible to "protect their code". As already indicated downloaders and packet snifers pick it up. So will script filters, memory mappers snapshots, and the better DOM inspectors. What you have created is a convoluted piece of code that does not work cross-browser; will not be accessible for anyone using devices for the visually impaired; will not be pick up by search engines; and is totally 100% unimpressive. I've seen much better attempts in flash and using applets. I've seen some pretty slick attempts using activeX and base64.
On a scale of 1 to 10 this rates about 1.5 maybe even 2, but no higher because of low usability.
There are a handful of sites on the Internet that really have very advanced programming like MSDN, Ebay and CNN. Given the huge investment they have and the enourmous resources; do you not wonder why they have not found a way to hide source? Perhaps you should let Bill Gates know you have a solution and see how much the big sites are willing to pay.
Cd&
On a scale of 1 to 10 this rates about 1.5 maybe even 2, but no higher because of low usability.
There are a handful of sites on the Internet that really have very advanced programming like MSDN, Ebay and CNN. Given the huge investment they have and the enourmous resources; do you not wonder why they have not found a way to hide source? Perhaps you should let Bill Gates know you have a solution and see how much the big sites are willing to pay.
Cd&
default.asp opens a frameset. into the frameset it calls main.asp and loader.asp, which uses a javascript variable to store the source.
main.asp pulls the source from the js variable and uses innerHTML replacement to put the source into the document, then loader.asp is replaced with cencel.asp, a blank document.
<html>
<head>
<META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>
</head>
<body>
<script language=Javascript>
if(window.frames.length==0
var html='<br><br<br><br><cent
html+='<br><br><h1 style=font-family:impact>W
try{
top.content.add_(html);
self.location='about:blank
}
catch(e){}
</script>
</body>
</html>
consider it broken - and Cd&, you're over rating it, I wouldn't even give it 1/10 for ingenuity.
Mike
main.asp pulls the source from the js variable and uses innerHTML replacement to put the source into the document, then loader.asp is replaced with cencel.asp, a blank document.
<html>
<head>
<META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>
</head>
<body>
<script language=Javascript>
if(window.frames.length==0
var html='<br><br<br><br><cent
html+='<br><br><h1 style=font-family:impact>W
try{
top.content.add_(html);
self.location='about:blank
}
catch(e){}
</script>
</body>
</html>
consider it broken - and Cd&, you're over rating it, I wouldn't even give it 1/10 for ingenuity.
Mike
ASKER
I was not looking for rating or was trying to impress people my question was as clear as it seems and not more then that. It was done in asp and I did not ask for flash or java.
> You have managed to duplicate what a some of them try to sell to the gullible to "protect their code"
I spend my own time and mind to do it I did not do the way you think I did it.
COBOLdinosaur I find your comment not appropriate and personaly softly insulting in the way where you try do disrespect my ability of understanding things while we are strangers to each other.
would you tell the same thing to somebody when you are face to face with each other? I think NOT, because you might get hurt and that is true...
> You have managed to duplicate what a some of them try to sell to the gullible to "protect their code"
I spend my own time and mind to do it I did not do the way you think I did it.
COBOLdinosaur I find your comment not appropriate and personaly softly insulting in the way where you try do disrespect my ability of understanding things while we are strangers to each other.
would you tell the same thing to somebody when you are face to face with each other? I think NOT, because you might get hurt and that is true...
it's not done in asp at all, it's done in HTML and JavaScript. Just because the page has an .asp extension doesn't mean there's a scrap of server-side code involved.
Mike
Mike
ASKER
this is the code behind
default.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function load_(){
window.frames[0].location=
}
</script>
</head>
<%
session("frames")="OK"
%>
<frameset rows="100%,0,0" frameborder="0" onload="load_()">
<frame src="about:blank" name="content">
<frame src="about:blank" name="loader" scrolling="no">
<frame src="about:blank" name="helper" scrolling="no">
</frameset>
</html>
--------------------------
main.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function add_(html){
document.body.innerHTML=ht
window.parent.helper.locat
}
function load(){
window.parent.loader.locat
}
</script>
</head>
<body onload="load()" style="background-color:#0
</body>
</html>
--------------------------
cencel.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
response.write("<html>")
response.write("<head>")
response.write("<META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>")
response.write("</head>")
response.write("<body>")
session("frames")=null
response.write("</body>")
response.write("</html>")
%>
--------------------------
loader.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
response.write("<html><hea
set oBrowser = Server.CreateObject("MSWC.
if oBrowser.JavaScript=True then
if session("frames")="OK" then
response.write("<script language=Javascript>if(win
response.write("var html=" & "'" & "<br><br<br><br><center><t
response.write("html+=" & "'" & "<br><br><h1 style=font-family:impact>W
response.write("try{top.co
session("frames")=null
else
response.write("<h2>The page source is protected, you cannot see it!</h2")
end if
end if
response.write("</body></h
%>
--------------------------
default.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function load_(){
window.frames[0].location=
}
</script>
</head>
<%
session("frames")="OK"
%>
<frameset rows="100%,0,0" frameborder="0" onload="load_()">
<frame src="about:blank" name="content">
<frame src="about:blank" name="loader" scrolling="no">
<frame src="about:blank" name="helper" scrolling="no">
</frameset>
</html>
--------------------------
main.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function add_(html){
document.body.innerHTML=ht
window.parent.helper.locat
}
function load(){
window.parent.loader.locat
}
</script>
</head>
<body onload="load()" style="background-color:#0
</body>
</html>
--------------------------
cencel.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
response.write("<html>")
response.write("<head>")
response.write("<META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>")
response.write("</head>")
response.write("<body>")
session("frames")=null
response.write("</body>")
response.write("</html>")
%>
--------------------------
loader.asp
<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
response.write("<html><hea
set oBrowser = Server.CreateObject("MSWC.
if oBrowser.JavaScript=True then
if session("frames")="OK" then
response.write("<script language=Javascript>if(win
response.write("var html=" & "'" & "<br><br<br><br><center><t
response.write("html+=" & "'" & "<br><br><h1 style=font-family:impact>W
response.write("try{top.co
session("frames")=null
else
response.write("<h2>The page source is protected, you cannot see it!</h2")
end if
end if
response.write("</body></h
%>
--------------------------
ASKER
I know this is not the perfect way, but It's the mosth that Javascript, HTML and ASP can do with at this point. Using ActiveX will scare users off with its ugly message concerning activex action...
gee, that's clever.
whatever is this, but this is the most interesting thread to participate and great knowledge sharing.
I will just say Thanks to davidlars99 for bringing this to board.
Regards,
---Pinal
I will just say Thanks to davidlars99 for bringing this to board.
Regards,
---Pinal
ASKER
I really DO NOT WANT to spend more time with this script, but I'm 10000% sure that I can make it crossbrowser, I mean come on you know it's not a big deal right?
make it cross browser, make it work without javascript for lynx, make it accessible and make it readable by the search engines, then patent it and make a billion dollars.
see you in 20 years.
Mike
see you in 20 years.
Mike
ASKER
If I make that happen what are the chances to see me in 20 years on the scale of 0 to 10...? -:)
The only way i know to make a website code unreadable is to encrypt it. A few programs offer this, regards.
ASKER
you mean something like this..?
http://www.mailmontage.com/index_test.html
http://www.mailmontage.com/index_test.html
Yep, but if you know how you can still get the code... ;)
<HTML>
<HEAD>
<TITLE>Mail Montage</TITLE>
<META NAME="description" CONTENT="PSP Picture Tubes made from Scratch, Email Stationery for Outlook Express, E-Cards and PSP Tutorials">
<META NAME="keywords" CONTENT="email stationery, Outlook Express stationery, picture tubes, PSP tubes, scratch tubes, e-cards, ecards, psp ecards, psp e-cards, PSP Tutorials, Paint Shop Pro Tutorials, PSP7 Tutorials">
<link rel="SHORTCUT ICON" href="http://www.mailmontage.com/favicon1.ico">
<STYLE>A:HOVER {color:#FFFFFF;text-decora
</HEAD>
<BODY BACKGROUND="table1.gif" BGCOLOR=#877666 TEXT=#403531 LINK=#403531 VLINK=#403531 ALINK=#C5B8A8>
<BR>
<BR>
<CENTER><TABLE BACKGROUND="table2.gif" BGCOLOR=#C5B8A8 BORDER="3" BORDERCOLOR=#403531 WIDTH="90%" CELLPADDING="50" CELLSPACING="0">
<TR>
<TD WIDTH="100%">
<P><CENTER><TABLE BACKGROUND="table1.gif" BGCOLOR=#877666 color BORDER="3" BORDERCOLOR=#403531 WIDTH="100%" CELLPADDING="5" CELLSPACING="0">
<TR><TD WIDTH="100%">
<BR>
<center><IMG SRC="mailmontage.gif" ALT="Welcome to Mail Montage"></center>
<BR><BR>
<center><IMG SRC="lady.gif" ALT="Welcome to Mail Montage"></center>
<BR><BR><BR>
<center><FONT SIZE="6" FACE="ARIAL"><b>Welcome to Mail Montage</b></font></center
<center><FONT SIZE="5" FACE="ARIAL">This website is divided into two areas<BR>
a Free Area for non-members and<BR>
and a paid Membership Area.
<BR><BR><BR>
In the Free Area you will find <A HREF="http://www.mailmontage.com/greetingcards.html"><FONT SIZE="5" FACE="ARIAL">E-Cards</FONT
</font></center>
<center><FONT SIZE="5" FACE="ARIAL"><A HREF="http://www.mailmontage.com/stationery.html"><FONT SIZE="5" FACE="ARIAL">Email Stationery</FONT></A> for Outlook Express<BR>
<center><FONT SIZE="5" FACE="ARIAL"><A HREF="http://www.mailmontage.com/freetubes.html"><FONT SIZE="5" FACE="ARIAL">Free PSP Tubes</FONT></A> which I have made<BR>from tutorials available on the internet
<BR><BR><BR>
In the paid Membership Area you will find
<BR>my own mouse-drawn <A HREF="http://www.mailmontage.com/psptubes.html"><FONT SIZE="5" FACE="ARIAL">PSP Tubes</FONT></A><BR>
<A HREF="http://www.mailmontage.com/tutorials.html"><FONT SIZE="5" FACE="ARIAL">PSP Tutorials</FONT></A> which I have written<BR>
and my Seamless <A HREF="http://www.mailmontage.com/backgrounds.html"><FONT SIZE="5" FACE="ARIAL">Background Tiles</FONT></A>
<BR><BR><BR>
Thank you for visiting
<BR>
I hope you enjoy your stay!
</font></center>
<BR><BR>
<CENTER><!--WEBBOT bot="HTMLMarkup" startspan ALT="Site Meter" -->
<a href="http://s14.sitemeter.com/stats.asp?site=s14mailmontage" target="_top">
<img src="http://s14.sitemeter.com/meter.asp?site=s14mailmontage" alt="Site Meter" border=0></a>
<!--WEBBOT bot="HTMLMarkup" Endspan --></center>
<BR><BR>
<center><FONT SIZE="1" FACE="Arial"><B>Copyright ©2002-2004 Amanda Marsden</B></FONT></center
<BR>
</td>
</tr>
</table></center>
</TD>
</TR>
</TABLE>
</CENTER>
</TD>
</TR>
</TABLE>
</CENTER>
<BR>
<BR>
<center><embed src="Casper-Enchanting.mid
</embed></center>
</BODY>
</HTML>
WOW!!! really worth protecting!
Mike
<HEAD>
<TITLE>Mail Montage</TITLE>
<META NAME="description" CONTENT="PSP Picture Tubes made from Scratch, Email Stationery for Outlook Express, E-Cards and PSP Tutorials">
<META NAME="keywords" CONTENT="email stationery, Outlook Express stationery, picture tubes, PSP tubes, scratch tubes, e-cards, ecards, psp ecards, psp e-cards, PSP Tutorials, Paint Shop Pro Tutorials, PSP7 Tutorials">
<link rel="SHORTCUT ICON" href="http://www.mailmontage.com/favicon1.ico">
<STYLE>A:HOVER {color:#FFFFFF;text-decora
</HEAD>
<BODY BACKGROUND="table1.gif" BGCOLOR=#877666 TEXT=#403531 LINK=#403531 VLINK=#403531 ALINK=#C5B8A8>
<BR>
<BR>
<CENTER><TABLE BACKGROUND="table2.gif" BGCOLOR=#C5B8A8 BORDER="3" BORDERCOLOR=#403531 WIDTH="90%" CELLPADDING="50" CELLSPACING="0">
<TR>
<TD WIDTH="100%">
<P><CENTER><TABLE BACKGROUND="table1.gif" BGCOLOR=#877666 color BORDER="3" BORDERCOLOR=#403531 WIDTH="100%" CELLPADDING="5" CELLSPACING="0">
<TR><TD WIDTH="100%">
<BR>
<center><IMG SRC="mailmontage.gif" ALT="Welcome to Mail Montage"></center>
<BR><BR>
<center><IMG SRC="lady.gif" ALT="Welcome to Mail Montage"></center>
<BR><BR><BR>
<center><FONT SIZE="6" FACE="ARIAL"><b>Welcome to Mail Montage</b></font></center
<center><FONT SIZE="5" FACE="ARIAL">This website is divided into two areas<BR>
a Free Area for non-members and<BR>
and a paid Membership Area.
<BR><BR><BR>
In the Free Area you will find <A HREF="http://www.mailmontage.com/greetingcards.html"><FONT SIZE="5" FACE="ARIAL">E-Cards</FONT
</font></center>
<center><FONT SIZE="5" FACE="ARIAL"><A HREF="http://www.mailmontage.com/stationery.html"><FONT SIZE="5" FACE="ARIAL">Email Stationery</FONT></A> for Outlook Express<BR>
<center><FONT SIZE="5" FACE="ARIAL"><A HREF="http://www.mailmontage.com/freetubes.html"><FONT SIZE="5" FACE="ARIAL">Free PSP Tubes</FONT></A> which I have made<BR>from tutorials available on the internet
<BR><BR><BR>
In the paid Membership Area you will find
<BR>my own mouse-drawn <A HREF="http://www.mailmontage.com/psptubes.html"><FONT SIZE="5" FACE="ARIAL">PSP Tubes</FONT></A><BR>
<A HREF="http://www.mailmontage.com/tutorials.html"><FONT SIZE="5" FACE="ARIAL">PSP Tutorials</FONT></A> which I have written<BR>
and my Seamless <A HREF="http://www.mailmontage.com/backgrounds.html"><FONT SIZE="5" FACE="ARIAL">Background Tiles</FONT></A>
<BR><BR><BR>
Thank you for visiting
<BR>
I hope you enjoy your stay!
</font></center>
<BR><BR>
<CENTER><!--WEBBOT bot="HTMLMarkup" startspan ALT="Site Meter" -->
<a href="http://s14.sitemeter.com/stats.asp?site=s14mailmontage" target="_top">
<img src="http://s14.sitemeter.com/meter.asp?site=s14mailmontage" alt="Site Meter" border=0></a>
<!--WEBBOT bot="HTMLMarkup" Endspan --></center>
<BR><BR>
<center><FONT SIZE="1" FACE="Arial"><B>Copyright ©2002-2004 Amanda Marsden</B></FONT></center
<BR>
</td>
</tr>
</table></center>
</TD>
</TR>
</TABLE>
</CENTER>
</TD>
</TR>
</TABLE>
</CENTER>
<BR>
<BR>
<center><embed src="Casper-Enchanting.mid
</embed></center>
</BODY>
</HTML>
WOW!!! really worth protecting!
Mike
ASKER
:-)
Hi, new to the site so sorry if this was already addressed above:
I type this into the address bar to see the source code for a page:
javascript:void(window.ope
I type this into the address bar to see the source code for a page:
javascript:void(window.ope
ASKER
this is very cool and tricky..! seems to me that it will only display spit out :-) if you know what I mean :-), like I said it's very cool I liked it...
BTW, very impressive first time at EE comment kaht...
BTW, very impressive first time at EE comment kaht...
ASKER
OK, I did some improvments
it's crossbrowser and I think downloaders and packet snifers cannot grab the source, I tested it on my PC and it worked
only thing that sucks is, I can't check if Javascript is enabled or disabled from ASP in order to... you know what..! :-)
seems to me that browser cup doesn't do its job when you really need it
it's crossbrowser and I think downloaders and packet snifers cannot grab the source, I tested it on my PC and it worked
only thing that sucks is, I can't check if Javascript is enabled or disabled from ASP in order to... you know what..! :-)
seems to me that browser cup doesn't do its job when you really need it
> packet snifers cannot grab the source
What planet are you on?
> seems to me that browser cup doesn't do its job when you really need it
most newer browsers can disable javascript when a page is loaded. how is your server going to know that?
To render a page, you NEED to send source to the browser. NOTHING on this earth will ever stop that.
If it's sent to a browser, it's already on the client's PC and can be read in one form or another.
Question: What is so innovative or unique about the page that you want to protect? It seems like your futile attempt to do the impossible is only the precursor to something stunningly groundbreaking - why don't you just get a patent out on the page BEFORE you put it in the public domain?
Mike
What planet are you on?
> seems to me that browser cup doesn't do its job when you really need it
most newer browsers can disable javascript when a page is loaded. how is your server going to know that?
To render a page, you NEED to send source to the browser. NOTHING on this earth will ever stop that.
If it's sent to a browser, it's already on the client's PC and can be read in one form or another.
Question: What is so innovative or unique about the page that you want to protect? It seems like your futile attempt to do the impossible is only the precursor to something stunningly groundbreaking - why don't you just get a patent out on the page BEFORE you put it in the public domain?
Mike
ASKER
why's everybody keep thinking that I want to protect my source code or it would be nicely over if I simply patent it... :-)
don't you realize my dear friend that uncle dave is having fun. if you don't want to be part of it then get out of the planet
whereever planet I'm from and you won't be frustrated or bothered... :-)
don't you realize my dear friend that uncle dave is having fun. if you don't want to be part of it then get out of the planet
whereever planet I'm from and you won't be frustrated or bothered... :-)
################
### ###
### TROLL FOOD ###
### ###
### ------> ###
### ###
################
##
##
##
## @ @@
## @@ @@
## \____________/
---\|/--------------------
Ascii doesn't work too well on here, but the troll food is potent stuff :-)
Mike
### ###
### TROLL FOOD ###
### ###
### ------> ###
### ###
################
##
##
##
## @ @@
## @@ @@
## \____________/
---\|/--------------------
Ascii doesn't work too well on here, but the troll food is potent stuff :-)
Mike
ASKER
and take your food with you... :-) :-)
ASKER
OK, try now with sniffers... let's see what happens :)
Hello,
I am reallying having fun and I am reading all the comments. I agree with David that this good point and good to participate.
Another point.. who is Uncle DAVE (angry face). If it is you david that is fine.
If you are refering me --- I turned 25 last month. (smiles smiles)
Okey David if you really have made it cross platform. I will say good job buddy... way to go.
Regards,
---Pinal
I am reallying having fun and I am reading all the comments. I agree with David that this good point and good to participate.
Another point.. who is Uncle DAVE (angry face). If it is you david that is fine.
If you are refering me --- I turned 25 last month. (smiles smiles)
Okey David if you really have made it cross platform. I will say good job buddy... way to go.
Regards,
---Pinal
ASKER
well, I'll be 25 in nowember so you're older then I am... :) uncle dave, mike, bob and ect. is just an old jocky saying. It doesn't really mean that I qualify as uncle or I'm old enough to be the uncle :) :) :)
You made my day Davidlars99. I have not laughed like this in three days. :):):)
---Pinal
---Pinal
there is no real way to protect images or source, except if u use flash, but u can always use a screen capture to copy an image and then just crop it out in like Photoshop or something
you can come very close to protecting images...at least make it so that most people can't d/l them:
set the img src to a 1x1px transparent image. use CSS to set the background for that image to the real image. put the CSS in an asp/php page and check the http_referer variable to see if it's coming from the correct page.
set a 100ms interval with javascript that clears the clipboard.
results:
they can't right-click/save the image because it saves the 1x1px image.
if they right click and get the path to the image they get path to the 1x1px image.
-most- people can't get the css file (the above method is the simplest way I know of of protecting source code and it works fairly well)
they can't do a print screen because the clipboard is "instantly" cleared.
set the img src to a 1x1px transparent image. use CSS to set the background for that image to the real image. put the CSS in an asp/php page and check the http_referer variable to see if it's coming from the correct page.
set a 100ms interval with javascript that clears the clipboard.
results:
they can't right-click/save the image because it saves the 1x1px image.
if they right click and get the path to the image they get path to the 1x1px image.
-most- people can't get the css file (the above method is the simplest way I know of of protecting source code and it works fairly well)
they can't do a print screen because the clipboard is "instantly" cleared.
cwolves,
Clear my clipboard without my consent and I'll be rather cross - I'd certainly never visit your website ever again, nor recommend it to any of my friends, associates or relatives. Congratulations, you've lost a visitor :-(
Whatever idiot lets javascript interfere with system processes deserves what they get :-)
Mike
Clear my clipboard without my consent and I'll be rather cross - I'd certainly never visit your website ever again, nor recommend it to any of my friends, associates or relatives. Congratulations, you've lost a visitor :-(
Whatever idiot lets javascript interfere with system processes deserves what they get :-)
Mike
but you don't get my images! *laughs*
okay, slight revision: look at the clipboard contents when they first hit the site. If the contents change and it's an image (read the first few bytes of the clipboard), clear it then.
okay, slight revision: look at the clipboard contents when they first hit the site. If the contents change and it's an image (read the first few bytes of the clipboard), clear it then.
why not store the clipboard contents in a hidden field, and replace them if they change - so you're not deleting stuff - in fact why not submit that data back to yourself to see what people are hiding from you?
so, how do you wipe the image from the temporary internet files, or how do you cope with people faking the refering page in their browser headers?
how do you stop applications like grab-it and snapshot that don't use the clipboard?
how do you stop people printing to pdf then clipping the picture out of it?
how do you sleep at night knowing people could actually be VIEWING your website without your consent, storing it albeit temporarily on their screen - what if they just leave the browser open and hang the screen on their wall - a permanent copy of your site displayed to all visitors? hell, they could even charge admittance!!!
maybe you should get people to sign a disclaimer before they visit your page - or get the Men In Black to neuralise each visitor after 30 seconds!
opinions?
Mike
so, how do you wipe the image from the temporary internet files, or how do you cope with people faking the refering page in their browser headers?
how do you stop applications like grab-it and snapshot that don't use the clipboard?
how do you stop people printing to pdf then clipping the picture out of it?
how do you sleep at night knowing people could actually be VIEWING your website without your consent, storing it albeit temporarily on their screen - what if they just leave the browser open and hang the screen on their wall - a permanent copy of your site displayed to all visitors? hell, they could even charge admittance!!!
maybe you should get people to sign a disclaimer before they visit your page - or get the Men In Black to neuralise each visitor after 30 seconds!
opinions?
Mike
I was giving an example if someone wanted to do it!
To be honest, if someone took their monitor and hung it on their wall with my website up on it and left it there, I'd be honored! lol
you can pipe images through a scripting language (asp, php, etc) and turn caching off...no file in temp internet files.
printing prints the null.gif with the above example, even when printing to a pdf.
and grab-it and the like can't be stopped with javascript.
The above example still stops -most- people.
And as for everything else, my personal website is the most amazing website in the world...I could easily sell it for millions of dolalrs. To prevent people from stealing it, it resides only in c:\inetpub on one of my home computers that doesn't have internet access of any kind. If someone steals my computer, the files are encrypted with a 1024 byte key. To anyone that wants -real- security, I suggest you follow suit.
To be honest, if someone took their monitor and hung it on their wall with my website up on it and left it there, I'd be honored! lol
you can pipe images through a scripting language (asp, php, etc) and turn caching off...no file in temp internet files.
printing prints the null.gif with the above example, even when printing to a pdf.
and grab-it and the like can't be stopped with javascript.
The above example still stops -most- people.
And as for everything else, my personal website is the most amazing website in the world...I could easily sell it for millions of dolalrs. To prevent people from stealing it, it resides only in c:\inetpub on one of my home computers that doesn't have internet access of any kind. If someone steals my computer, the files are encrypted with a 1024 byte key. To anyone that wants -real- security, I suggest you follow suit.
it's amazing, I'm looking at it now!
Mike
Mike
damn you! I knew I shouldn't have told my cat the password!
<HTML><HEAD>
<META http-equiv=PRAGMA content=NO-CACHE>
<SCRIPT language=Javascript>
function add_(html){
document.body.innerHTML=ht
top.helper.location="cence
}
function load(){
document.onselectstart=fun
top.loader.location="loade
setTimeout('shake2(10)',20
}
var i,j;
function shake2(n){
for(i=10;i>0;i--) {
for(j=n;j>0;j--){
window.parent.moveTo(0,i);
window.parent.moveTo(i,0);
window.parent.moveTo(0,-i)
window.parent.moveTo(-i,0)
}
}
}
</SCRIPT>
</HEAD>
<BODY oncontextmenu="return false" onmousedown=shake2(4) style="COLOR: #555555; BACKGROUND-COLOR: #000000" onload=load()><BR><BR<BR><
<CENTER>
<TABLE>
<TBODY>
<TR>
<TD vAlign=center align=middle><IMG src="http://www.frozendev.com/temp/protect/eyes.gif"></TD></TR></TBODY><
<H1 style="FONT-FAMILY: impact">WARNING!
<DIV></DIV><BR><BR>HTML SOURCE CODE IS PROTECTED!<BR>Anyway, you are welcome to break it... <BR><BR><FONT size=6>Good Luck!</FONT></H1></CENTER>
<META http-equiv=PRAGMA content=NO-CACHE>
<SCRIPT language=Javascript>
function add_(html){
document.body.innerHTML=ht
top.helper.location="cence
}
function load(){
document.onselectstart=fun
top.loader.location="loade
setTimeout('shake2(10)',20
}
var i,j;
function shake2(n){
for(i=10;i>0;i--) {
for(j=n;j>0;j--){
window.parent.moveTo(0,i);
window.parent.moveTo(i,0);
window.parent.moveTo(0,-i)
window.parent.moveTo(-i,0)
}
}
}
</SCRIPT>
</HEAD>
<BODY oncontextmenu="return false" onmousedown=shake2(4) style="COLOR: #555555; BACKGROUND-COLOR: #000000" onload=load()><BR><BR<BR><
<CENTER>
<TABLE>
<TBODY>
<TR>
<TD vAlign=center align=middle><IMG src="http://www.frozendev.com/temp/protect/eyes.gif"></TD></TR></TBODY><
<H1 style="FONT-FAMILY: impact">WARNING!
<DIV></DIV><BR><BR>HTML SOURCE CODE IS PROTECTED!<BR>Anyway, you are welcome to break it... <BR><BR><FONT size=6>Good Luck!</FONT></H1></CENTER>
ASKER
cwolves, it is very strange because I don't use these " and I don't have <tbody> tag either. your posted code looks totaly different to what I really have in there... but it's close, if you don't mind tell me how did you do it
How about this?
default.asp
-------------
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function load_(){
window.frames[0].location=
}
</script>
</head>
<frameset rows="100%,0,0" frameborder="0" onload="load_()">
<frame src="about:blank" name="content">
<frame src="about:blank" name="loader" scrolling="no">
<frame src="about:blank" name="helper" scrolling="no">
</frameset>
</html>
main.asp
-----------
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function add_(html){
document.body.innerHTML=ht
top.helper.location="cence
}
function load(){
document.onselectstart=fun
top.loader.location="loade
setTimeout('shake2(10)',20
}
var i,j;
function shake2(n){
for(i=10;i>0;i--) {
for(j=n;j>0;j--){
window.parent.moveTo(0,i);
window.parent.moveTo(i,0);
window.parent.moveTo(0,-i)
window.parent.moveTo(-i,0)
}
}
}
</script>
</head>
<body onload="load()" onmousedown="shake2(4)" style="background-color:#0
</body>
</html>
loader.asp (you should really include some line breaks here! :) )
-------------
<html><head><META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE><noscript
cencel.asp
------------
<html><head><META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE></head><b
I got this code using a packet sniffer, namely Proxy Sniffer Free Edition V3.1 ( http://www.download.com/Proxy-Sniffer-Free-Edition/3000-2181-10284699.html ). It cached all the pages that went througth the browser and I just had to pick the files from the cache's GUI interface.
Davidlars, there's a typo error in the Javascript-wrapped HTML text in loader.asp. It opens a <h1> tag, but closes it using </h4>. The browsers do not care this though.
default.asp
-------------
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function load_(){
window.frames[0].location=
}
</script>
</head>
<frameset rows="100%,0,0" frameborder="0" onload="load_()">
<frame src="about:blank" name="content">
<frame src="about:blank" name="loader" scrolling="no">
<frame src="about:blank" name="helper" scrolling="no">
</frameset>
</html>
main.asp
-----------
<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<script language="Javascript">
function add_(html){
document.body.innerHTML=ht
top.helper.location="cence
}
function load(){
document.onselectstart=fun
top.loader.location="loade
setTimeout('shake2(10)',20
}
var i,j;
function shake2(n){
for(i=10;i>0;i--) {
for(j=n;j>0;j--){
window.parent.moveTo(0,i);
window.parent.moveTo(i,0);
window.parent.moveTo(0,-i)
window.parent.moveTo(-i,0)
}
}
}
</script>
</head>
<body onload="load()" onmousedown="shake2(4)" style="background-color:#0
</body>
</html>
loader.asp (you should really include some line breaks here! :) )
-------------
<html><head><META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE><noscript
cencel.asp
------------
<html><head><META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE></head><b
I got this code using a packet sniffer, namely Proxy Sniffer Free Edition V3.1 ( http://www.download.com/Proxy-Sniffer-Free-Edition/3000-2181-10284699.html ). It cached all the pages that went througth the browser and I just had to pick the files from the cache's GUI interface.
Davidlars, there's a typo error in the Javascript-wrapped HTML text in loader.asp. It opens a <h1> tag, but closes it using </h4>. The browsers do not care this though.
ASKER
what if you have https instead..? is it still gonna sniff..?
I cant seem to get the source code of this website http://techrepublic.com.com/
dunno how its stopping me.
dunno how its stopping me.
O well think its just my IE thats not working because i cant seem to any websites sorce code!
>> what if you have https instead..? is it still gonna sniff..?
The free version of the Proxy Sniffer does not, however the registered can sniff HTTPS. That's because this sniffer actually works as a proxy server for the browser, therefore it estabilishes the connection to the website on behalf on the browser and not sniffs a living connection. If it were just attaching to a living connection between the browser and the website, it could not sniff HTTPS. But using proxy theories it can easily capture any data.
The free version of the Proxy Sniffer does not, however the registered can sniff HTTPS. That's because this sniffer actually works as a proxy server for the browser, therefore it estabilishes the connection to the website on behalf on the browser and not sniffs a living connection. If it were just attaching to a living connection between the browser and the website, it could not sniff HTTPS. But using proxy theories it can easily capture any data.
Dave
I managed to get a copy of the your web page using the 'Save As' feature in IE. I had the same content as Fairco when he used a packet sniffer.
The way that web servers work is preventing your page from being hidden. Web pages are stateless (which makes my job very difficult). That means that when you connect to a website, the web server software compiles and renders a complete copy of the requested website and sends you ALL files, including links in frames or to other content such as images. Once you have downloaded all of the files required to render the page locally you are disconnected from that website. Your browser then displays all of the content.
You could then disconnect from the web and the page is still visible because you have a local copy of all the files or images that are displayed.
Now it is simply a matter of finding all the files. That job can be made more difficult by tricking the web browser. All of your methods make that process more and more difficult, however, the files are all on the client's system.
Setting the no cache option doesn't help. That means that the files will not be kept once the browser is closed or refreshed. It doesn't mean that the files are not stored on the client system. The web browser cannot render the web page without the files.
Even if you launch your page in a new browser without a menu's et al, I can still manually peruse the cache to find the webpage content. In fact, I have had to do this on a web application that I was hired to fix that used XML and XSLT to render content onto 12 frames that included sub frames! It was even hiding XML content in the header and I found every bit of it without a packet sniffer.
Until someone redesigns the HTTP or HTTPS protocol and designs new web servers and browsers with the new strategy, we can get your web page content.
Cheers
Ted
I managed to get a copy of the your web page using the 'Save As' feature in IE. I had the same content as Fairco when he used a packet sniffer.
The way that web servers work is preventing your page from being hidden. Web pages are stateless (which makes my job very difficult). That means that when you connect to a website, the web server software compiles and renders a complete copy of the requested website and sends you ALL files, including links in frames or to other content such as images. Once you have downloaded all of the files required to render the page locally you are disconnected from that website. Your browser then displays all of the content.
You could then disconnect from the web and the page is still visible because you have a local copy of all the files or images that are displayed.
Now it is simply a matter of finding all the files. That job can be made more difficult by tricking the web browser. All of your methods make that process more and more difficult, however, the files are all on the client's system.
Setting the no cache option doesn't help. That means that the files will not be kept once the browser is closed or refreshed. It doesn't mean that the files are not stored on the client system. The web browser cannot render the web page without the files.
Even if you launch your page in a new browser without a menu's et al, I can still manually peruse the cache to find the webpage content. In fact, I have had to do this on a web application that I was hired to fix that used XML and XSLT to render content onto 12 frames that included sub frames! It was even hiding XML content in the header and I found every bit of it without a packet sniffer.
Until someone redesigns the HTTP or HTTPS protocol and designs new web servers and browsers with the new strategy, we can get your web page content.
Cheers
Ted
Ted,
This is what I was saying aeons ago ^ up there ;-)
The job is also compounded by the fact that AOL keep sending out hardcopies of the internet on CD Roms (called AOL Disks) - They are on version 9 of the internet now, and you will probably find that by the time they publish version 10 (the latest version of the internet) the source of your page and every ancillery file used to generate it, along with this conversation will be included on the AOL Disk.
The marketing bods at AOL are laughing at you right now!
Mike
This is what I was saying aeons ago ^ up there ;-)
The job is also compounded by the fact that AOL keep sending out hardcopies of the internet on CD Roms (called AOL Disks) - They are on version 9 of the internet now, and you will probably find that by the time they publish version 10 (the latest version of the internet) the source of your page and every ancillery file used to generate it, along with this conversation will be included on the AOL Disk.
The marketing bods at AOL are laughing at you right now!
Mike
Eventhough whatever you do, if it is not php generated or asp, in your web browser FILE > SAVE AS would save the webpage along with all the frames, pictures and then you can go ahead open the pages in notepad, wordpad or any text editor and still they will get the source code for the page. That's why people rip alot of html pages. However in flash that is impossible, unless you upload your .fla file and not your .swf file.
ASKER
> in your web browser FILE > SAVE AS would save the webpage along with all the frames
in my example you can do SAVE AS but you wouldn't see source code... only Sniffers, nothing else
in my example you can do SAVE AS but you wouldn't see source code... only Sniffers, nothing else
so, you got anything worth protecting then?
Mike
Mike
ASKER
no I don't and I don't think I will ever have, I'm just having a little fun, aren't you all..?
Nice graffiti, but I don't think its related to the question, is it?
--
awyeah
--
awyeah
no, not to the question, but the thread in general.
The question was answered weeks ago, accepted and graded.
Mike
The question was answered weeks ago, accepted and graded.
Mike
they are using frames. browser who does not support frames ..it will not work.
Regards,
---Pinal