A friend of mine wants to protect webpages. He wants to block access to the HTML code of displayed webpages.
For this purpose he created a program that uses CHtmlView to show webpages and wants to create a second thread that basicall constantly checks if the surroundings are "safe". As soon as an attack on the HTML code is detected, the displayed web-page would be removed.
Now I know it is fairly easy to attach to a running instance of IE or use browser helper objects or other methods to gain access to the insides of IE and there is always the cache-problem too.
So my question:
Does anybody have suggestions
a) how to reliably turn off caching of the loaded pages?
b) how to check for code-sniffing browser-helper objects before and during the display of the pages
(and just close the webpage if an "attack" is detected). Is there an enumeration function that
gives a list of the installed helper objects? Is there an instance counter that we could use
to detect if somebody tries to connect to our IE ?
c) suggestions for other attacks to get the source-code? (Don't worry about the transport between
the server and the user's machine. That is being done encrypted. The problem starts once
the IE instance renders the web-page.) So do you know of other ways to get to the HTML code?
And lastly your take on how probable it is that my friend can shut down all loopholes so that access
to the HTML-code is made VERY tough (read: is restricted to very sophisticated and clever hackers).
Thank you all for your help!