Solved

disable File->Save As (web page)

Posted on 2004-08-09
8
6,533 Views
Last Modified: 2012-08-14
Well, since i cant prevent user from see my source code, but can i prevent user from save it... i mean File-> Save As.

because i ever visit a web site that i cant File -> Save As.
like Yahoo..., we cant save right...


so , can anybody help me???
0
Comment
Question by:lenz8as
8 Comments
 
LVL 7

Expert Comment

by:suramsureshbabu
ID: 11759646
0
 
LVL 3

Expert Comment

by:ashleydb
ID: 11759663
You simply can't disable it. No way, no how.

You could try protecting your source code however. Maybe something like this could help:

http://www.aerotags.com/products/tlp.php
0
 
LVL 1

Expert Comment

by:garethdart24
ID: 11759683
My answer is below - the first two paragraphs are what I think of hiding source code...

First of all, there is no absolute, sure fire, 100% guaranteed way of preventing a user from seeing your markup.  The browser cannot render your page unless the code is sent to it, so, if someone is determined enough, they will get at it.  The page could be saved in the user's cache file, and all they'd have to do would be to find it and open it.  The best you can do is deter most normal users (but normal users won't be interested in your markup.  Likely anyone who is interested in seeing your code will be a web developer, and a web developer will be able to figure out a way to see it, given that she/he has access to google and enough time.)

Second, I can rarely understand why someone would want to hide their source code.  Like I say, anyone who would be interested in seeing it would probably be able to devise a way to circumvent any measures you could use and therefore see it. Online banks, etc, yeah, okay, but just normal web pages?  Be proud of your code!  You probably spent a long time getting it how you want it.  Let the world see it, is what I say.  There's a discussion of the ethics of hiding your source code here if you're interested - http://www.websiteowner.info/articles/ethics/norightclick.asp

ANYWAY - My ANSWER(s):

1 - If you really have secure things you don't want people to see, have any secure stuff on the server side only, if possible.  Let the secure stuff generate the unsecure markup (via PHP, etc) and then serve that to the user client.

or 2.
You CAN prevent users from viewing your source code by intercepting the right-click in the body of your page, but apart from IE I'm not sure what browsers support the method I outline below.

You can also suppress the menus and toolbars by opening your secure page in a pop-up window, the caveat being that this method uses a pop-up window, and is therefore subject to all the criticisms and problems that pop-up windows entail.

So, if you have a window with no right-click functionality, and no menus or toolbars, casual users will not be able to access your code.

The example page below disables right click functionality in IE 5.0 upwards.  Clicking the link opens a copy of the page in a new window, thus demonstrating how to open a window without any menus, etc.

<html>
<head>
<script>

function newWindow(where) {

//This is the code for opening a new window without any menus, etc.  

var newWindow = window.open("","newWindow","toolbar=no, directories=no, width=1024, height=768, location=no, menubar=no, resizable, scrollbars=yes, status=no, toolbar=no");
newWindow.location.href = where;
newWindow.focus();

}

function deniedMessage() {

alert("Hands Off!");

}

</script>
</head>
<!-- the oncontextmenu event first calls a little function to display an alert to the user saying 'hands off', and then returns false.  Returning false prevents the right click menu from displaying -->
<body oncontextmenu = "deniedMessage();return false;">
<br />

<!--  The link below calls a new window.  document.location.href just means the address of this page, you could just as easily put a string in there such as 'http://www.mydomain.com/mysecuredpage.html' -->
<a href = "javascript:newWindow(document.location.href);">Click</a>

</body>
</html>

I'll say it one more time - think twice before disabling default functionality of any kind.  It can irritate users and cause many other problems.

G ;)

0
 
LVL 1

Expert Comment

by:garethdart24
ID: 11759719
If it's your javascript you're looking to protect, you can also just put most of it in a separate file (myjavascript.js) and link it to your web page (<script language = "javascript" src = "myjavascript.js"></script>.  You could also encode it in some fashion so that a source view would just show gibberish, but this would degrade performance and slow execution times.

G
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 5

Expert Comment

by:ravisimpi
ID: 11759785
Well what you have seen in yahoo.com are 'java applets'. Yahoo uses them in games, java chat, etc.

  And it also uses a java script which will open the link in a new window with the specified rectrictions ( like disable Address bar, Menu bar, Status bar and specify the width and height of the window)

    You can get the window in norman position by hitting Ctrl+N which opens a new window without the specified restrictions. And if the page is having java applets, then you cant save the aplets, all you can save is the HTML code.
 
0
 
LVL 53

Accepted Solution

by:
COBOLdinosaur earned 50 total points
ID: 11768358
What are you talking about... of course you can save Yahoo pages.  They are mostly not usable until you clean up the garbage they stick in to make it difficult to save the pieces correctly, but getting the pages is nothing.  

I can't believe how much time gets wasted with this nonsenses.  

Understand the technology.  When a client requests a page from your site or any other site.  YOU GIVE THEM THE CODE and everything else on the page.  The user has it on their page and they can do anything they want with it.

If you have a problem with that concept, then find a hobby that you can understand, instead of spinning in circles because someone somewhere migh grab your code.   They don't have to take it... you gave it to them.

Cd&
0
 
LVL 1

Expert Comment

by:garethdart24
ID: 11769313
I know I answered the question, but I have to say I agree with Cd&.  It's just code, mate, and unless you're the Stephen Hawking of web developers it's going to be pretty much similiar to everyone else's code.  If someone does use it, it's a compliment to your skills, but I have to say that when faced with a problem in coding I don't embark on a random 'View Source' spree of pages I visited in the past - I do some research on sites like this one (and books, also) until I find the method I need.

If you want to hide your code, then by all means make the attempt.  As I said, you'll be managing to hide it only from people who would not look at it anyway, and at the cost of seriously affecting the usability of your site.  If you don't believe me, then upload your 'secure page' somewhere, post the URL to this question, and I guarantee that within ten minutes of reading that question, pretty much anyone here will be able to post your source code as proof they've seen it.

I don't say this to be a pain - I say it to emphasise the fact that if you do insist on hiding your code, you're basically shooting yourself in the foot.  It does you very little in the way of favours, and seriously impacts the usability of your site.  At best, it's an exercise in nerdishness, and wasted effort that can be better spent elsewhere.   I'd rather spend ten minutes going through my code adding comments and indenting it nicely so that it's easy for others to read than spend the same ten minutes making it marginally slightly more difficult to view.  Don't do it.

G ;)
0
 
LVL 16

Expert Comment

by:kiranvj
ID: 11769632

What ever u do to ur web page, u can save the pages using browsers like Mozilla and Opera they are very flexible
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Read about why website design really matters in today's demanding market.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now