Solved

hide page source and disable right click

Posted on 2004-08-26
91
8,170 Views
Last Modified: 2012-06-27
this url shows how to hide source code and disable right click on the page. The reason I'm posting this topic is that I just want to make sure it really works the way I think it works. right now it only works with IE just because I didn't spend extra time for it and that's why I posted this topic. Please do anything possible to view the source of the page which generates HTML and tell me how you did it...

http://www.frozendev.com/temp/protect/default.asp

thank you
 dave

0
Comment
Question by:davidlars99
91 Comments
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
they are using frames. browser who does not support frames ..it will not work.

Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
there are three files...
1) default_asp

2) main

3) cencel


Now let us see their source....
1) default_asp
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Frameset//EN">
<!-- saved from url=(0049)http://www.frozendev.com/temp/protect/default.asp -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META http-equiv=PRAGMA content=NO-CACHE>
<SCRIPT language=Javascript>
function load_(){
   window.frames[0].location="main.asp"

}
</SCRIPT>

<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD><FRAMESET
rows=100%,0,0 frameBorder=0 onload=load_()><FRAME name=content
src="default_asp_files/main.htm"><FRAME name=loader src="about:blank"
scrolling=no><FRAME name=helper src="default_asp_files/cencel.htm"
scrolling=no></FRAMESET></HTML>



2) main
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0046)http://www.frozendev.com/temp/protect/main.asp -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META http-equiv=PRAGMA content=NO-CACHE>
<SCRIPT language=Javascript>

function add_(html){
   document.body.innerHTML=html;
   window.parent.helper.location="cencel.asp";
}
function load(){
   window.parent.loader.location="loader.asp"
}
</SCRIPT>

<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY oncontextmenu="return false"
style="COLOR: #555555; BACKGROUND-COLOR: #000000" onload=load()></BODY></HTML>


3) cencel
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0048)http://www.frozendev.com/temp/protect/cencel.asp -->
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META http-equiv=PRAGMA content=NO-CACHE>
<META content="MSHTML 6.00.2800.1458" name=GENERATOR></HEAD>
<BODY></BODY></HTML>



Regards,
---Pinal
0
 
LVL 4

Expert Comment

by:DaveyEss
Comment Utility
In Firefox I can see the HTML using the "View HTML" menu option.

0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
well, no body can hide page source in any condition. Period.
Just save that page in your disk and open in text editor.

Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
 oncontextmenu="return false" will disable the right click.which the examples have used.
for more example of this go to
http://lab.artlung.com/scripting/oncontextmenu/

Regards,
---Pinal
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
pinaldave thank you for taking time in experimenting, but there is anoher file named loader.asp which generates the source and still remains hidden. have you tryied that yet?

0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
that is server side and that is generating all the other files. Server side files can never be seen and they are also not considered as file like view source.
We can only see client side things which is known as view source file like html, javascript, css .
we can not see .jsp, .asp, .cfm or .php or other client side files.

Regards,
---Pinal
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
DaveyEss, have you tryied to view the source of loader.asp which actualy generates HTML and puts the source in main.asp?
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
sorry for being repeatative but nobody can see what is written in loader.asp... this is true with all there languages and all the sites which you surf during the day.

Regards,
---Pinal
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
also we are not able to see the what is written in cencel.asp we are looking into the cencel.htm which is generated from that file. we can not see .asp source from our client side browser only the person who wrote the file have access to those files.
Same way, much of hte code in our EE is written in .jsp only thing which we are able to see is .htm .
I hope this will clear the doubts.

Regards,
---Pinal
0
 
LVL 4

Expert Comment

by:DaveyEss
Comment Utility
No, I could not see what was in loader.asp  As the asp file is executed server side to produce html, there should be no way that I can see the actual asp page.
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
would you do or use something similar to what I've done to prevent users from viewing the source code?
all I'm trying to make sure is that, there are many developers who have questions about hiding the source and I just came up with some kind of stupid solution, I also understand that it will not work if javascript is disabled and if browser doesn't support frames. All I'm asking is would you do it if you wanted to hide the source despite all the things that might go wrong using this method...?
0
 
LVL 4

Expert Comment

by:DaveyEss
Comment Utility
If your system is configured correctly, there should be no way for people to view the asp source code.  Many websites run this way.

You can't reliably hide the html, but the code that generated it should be hidden.
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
Hiding HTML NOT POSSIBLE.
Hiding ASP or any server side code Possible all the time, and that people do.
Again hiding the html code is IMPOSSIBLE my friend,

Regards,
---Pinal
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
thank you for replying guys..

that's what I'm saying it's possible. as far as I know when ASP generates HTML you can only see HTML not ASP
so if it's not possible how did I hide the source?   source which produces the following view like this...


      cat eyes image at the top

                WARNING!

HTML SOURCE CODE IS PROTECTED!
Anyway, you are welcome to break it...

                Good Luck!

with this method I can hide any amount of source code I want.
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hello,
is not this the concept behind server side language. This is universal. I assume that every programmer knows this.
Well, if you consider that as hiding source, then I accept as you can hide the source.
Regards,
---Pinal
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
the code behind server side language is this, but there's no way of seeing it as far as I think and that's why asked...
I didn't say nobody knows it I just asked would you consider something like this as the Lame method or you'd consider it as something that might help in some ways?
I appraciate all you feedback Pinal and DaveyEss



default.asp

<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>


<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">


<script language="Javascript">
function load_(){
   window.frames[0].location="main.asp"

}
</script>
</head>
<%
session("frames")="OK"
%>

<frameset rows="100%,0,0" frameborder="0" onload="load_()">
   <frame src="about:blank" name="content">
   <frame src="about:blank" name="loader" scrolling="no">
   <frame src="about:blank" name="helper" scrolling="no">
</frameset>


</html>
-------------------------------------------------------------------------------------------------



main.asp

<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>


<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">

<script language="Javascript">

function add_(html){
   document.body.innerHTML=html;
   window.parent.helper.location="cencel.asp";
}
function load(){
   window.parent.loader.location="loader.asp"
}
</script>
</head>

<body onload="load()" style="background-color:#000000;color:#555555" oncontextmenu="return false">

</body>

</html>
-------------------------------------------------------------------------------------------------

cencel.asp

<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"



response.write("<html>")
response.write("<head>")
response.write("<META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>")

response.write("</head>")
response.write("<body>")

session("frames")=null


response.write("</body>")
response.write("</html>")
%>
-------------------------------------------------------------------------------------------------



loader.asp

<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"

response.write("<html><head><META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE></head><body>")

set oBrowser = Server.CreateObject("MSWC.BrowserType")
if oBrowser.JavaScript=True then

if session("frames")="OK" then
response.write("<script language=Javascript>if(window.frames.length==0)self.location=" & "'" & "about:blank" & "'" & ";")
response.write("var html=" & "'" & "<br><br<br><br><center><table><tr><td align=center valign=middle><img src=eyes.gif></td></tr></table>\n" & "'" & ";")
response.write("html+=" & "'" & "<br><br><h1 style=font-family:impact>WARNING!<br><br>HTML SOURCE CODE IS PROTECTED!<br>Anyway, you are welcome to break it...<br><br><font size=6>&nbsp;Good Luck!&nbsp;</font></h4></center>\n" & "';")
response.write("try{top.content.add_(html);self.location=" & "'" & "about:blank" & "'" & ";}catch(e){}</script>")
session("frames")=null

else

response.write("<h2>The page source is protected, you cannot see it!</h2")

end if

end if

response.write("</body></html>")
%>
-------------------------------------------------------------------------------------------------


cheers!
 dave
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
dude, well in the sense you have asked the question. I will use this method to protect my code for sure. I like it!!! Seriously, it is not that easy to brake into it. btw, I already have bookmarked this q. so I can refer it in future. This was very interesting. I may use this method to protect my code, if needed. Smiles,

Regards,
---Pinal
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
you say it is not that easy to brake into it, let me ask you one question is it possible at all?
0
 
LVL 21

Assisted Solution

by:pinaldave
pinaldave earned 150 total points
Comment Utility
Hi davidlars99,
nobody can read your .asp through browser or any other way.
only way they can do is get into your server and then they can use it the way you do.
well that is always there... so I consider this as pretty secure.
Also, we can not discuss much about how some one can get into the server due to the policy of the EE.
We can just discuss security, that is what we are doing.

Regards,
---Pinal
0
 
LVL 8

Expert Comment

by:KerryG
Comment Utility
The ASP Source code is protected on the server and only the resultant HTML code is displayed on the browser. So when you say you want to protect your ASP Source code, you already are. If you want to protect the resultant HTML code than it is next to impossible to protect it from any given situation. What works in IE does not always work in Mozilla, Firefox, and Opera. Even using Javascript can be easily disabled in any browser.

So, to answer your questions:

Can you protect ASP source code? Yes, it is stored on the server
Can you protect HTML code? Yes under very limited conditions, but there is no magic bullet that works everywhere.
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
yes pinal you are absolutly right I'm not expecting anybody to discuss hot to get into the server, which is not that easy I would say imposible for 99 developers out of 100 or something about that. plus it will result in several trials in court and maybe imprisionment up to several years in prison.
thank you very much pinal for you honest feedback I just have to wait for what other experts have to say about this issue and let me assure you you got the points...

cheers!
 dave
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
thanks man. I knew from the beginning that you will apriciate honest answer then sugercotted words. I am ColdFusion guy and MS in Computer Security. So have spend so much time in all this. Have a good day buddy!

Regards,
---Pinal
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
hi KerryG, I can make it work in any browser If I want to and  try to, but not yet I just want to see what others think about this issue

thank you
0
 
LVL 3

Accepted Solution

by:
Fairco earned 200 total points
Comment Utility
Hi davilars99 again!

Your code's still not secure. ;)
Many people (including me) use site downloader programs to download an entire website. (E.g. all linked images in a thumbnail page) One of them which I use is Teleport pro. Took approx. 3 clicks (and entering the URL) to start the download.
Now it easily and perfectly downloaded your web page, including the loader.asp page. I'm afraid that other site downloaders will also do it.

Here's the retrieved loader.asp:
<html><head><META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE></head><body><script language=Javascript>if(window.frames.length==0)self.location='about:blank';var html='<br><br<br><br><center><table><tr><td align=center valign=middle><img src=eyes.gif></td></tr></table>\n';html+='<br><br><h1 style=font-family:impact>WARNING!<br><br>HTML SOURCE CODE IS PROTECTED!<br>Anyway, you are welcome to break it...<br><br><font size=6>Good Luck!</font></h4></center>\n';try{top.content.add_(html);self.location='about:blank';}catch(e){}</script></body></html>

If you wish to study this further on, here's the link to Teleport pro's page:
http://www.tenmax.com/teleport/pro/download.htm

By the way, if I set active scripting to "ask" in IE properties, I still have the choice to grab the pages from the cache, while the question is on the screen. But it is considered a much lower "stealing risk".
0
 
LVL 8

Assisted Solution

by:KerryG
KerryG earned 150 total points
Comment Utility
No you cannot make it work in any browser under all conditions. If I can view the page, I can get the HTML code, its already on my computer. It's all a matter of how bad I want it. In most cases, simply going to the file menu and saving the page is all I need to do. I have never seen a completely failsafe way of protecting HTML code.
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
ok go ahead and do all you can and show me the HTML source which generates content on main page
thank you
0
 
LVL 8

Expert Comment

by:KerryG
Comment Utility
<center>
<table id="table1">
      <tr>
            <td vAlign="center" align="middle">
            <img src="http://www.frozendev.com/temp/protect/eyes.gif"></td>
      </tr>
</table>
<br>
<br>
&nbsp;<h1 style="FONT-FAMILY: impact">WARNING!<br>
<br>
HTML SOURCE CODE IS PROTECTED!<br>
Anyway, you are welcome to break it...<br>
<br>
<font size="6">Good Luck!</font></h1>
</center>
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
Fairco, I will make that directory and all files in that directory password protected would you still be able to do it with downloader?
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hi davidlars99,
in that case browser will be not able to reach there. if browser can see it one can get it.

Regards,
---Pinal
0
 
LVL 8

Expert Comment

by:KerryG
Comment Utility
A downloader program would need to know the login/password.
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
KerryG, I'm not using "" double quotes in my original source
0
 
LVL 9

Expert Comment

by:cwolves
Comment Utility
<BR><BR<BR><BR>
<CENTER>
<TABLE>
<TBODY>
<TR>
<TD vAlign=center align=middle><IMG src="http://www.frozendev.com/temp/protect/eyes.gif"></TD></TR></TBODY></TABLE><BR><BR>
<H1 style="FONT-FAMILY: impact">WARNING!<BR><BR>HTML SOURCE CODE IS PROTECTED!<BR>Anyway, you are welcome to break it...<BR><BR><FONT size=6>Good Luck!</FONT></H1></CENTER>

javascript:document.write(window.frames[0].document.body.innerHTML);

easy.  I've gone through all this **** before.  I have code that comes -really- close to being impossible to get, but with the javascript above (well something slightly different), it's still very easy.  it is -IMPOSSIBLE- to hide your source code.  If nothing else you can get a packet sniffer.

e-mail me if you want the code: <email removed>
0
 
LVL 8

Expert Comment

by:KerryG
Comment Utility
If that's the only thing that occured during translation I would say I proved my point quite well. Since the page doesn't even display in browsers other than IE you are simply trading some minor security for a total lack of compatibility.
0
 
LVL 3

Expert Comment

by:Fairco
Comment Utility
davidlars99, yes, Teleport pro supports HTTP basic authentication.
0
 
LVL 13

Expert Comment

by:flow79
Comment Utility
cwolves, please put a thread into Support requesting that your email address be removed.  Posting your email within the thread is one of the "Big Mistakes" in the EE Guidelines. Please see: http://experts-exchange.com/Web/help.jsp#hi99 to view this section of the Guidelines.

Also, to comment on this thread - there is no way to completely block someone from viewing your code, or stealing your images, or ripping your layout.  If you dont want anyone to get it, dont post it.  Its as easy as that.  If you care so much about code theft, dont post to the web, but otherwise, people will find a way to rip your stuff.

0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
flow79, personaly I don't care who will view my source code I was just trying to come close to the issue despite the fact that I knew it was impossible
thank you for you opinion
0
 
LVL 3

Expert Comment

by:Fairco
Comment Utility
By the way, if we are at the topic...

If you want to see a real lame protection, see this page: http://www.mailmontage.com/index_test.html
Interesting idea, but requires 5 or less minute to write a decrypter script. Not to mention thousands of other methods....
But what makes one's stomach to turn out is that they are asking for money to get the crypter program! See this page for details: http://www.hypergurl.com/htmlProtector.html
What do you buy when you purchase the crypto software? Not security, that's for sure.
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
this thread makes me wonder whether you know the difference between source code and HTML "source"

Just because the words are the same, doesn't mean they are the same thing.

Source Code is what generates the web page. This can only be executed, not read. When it is executed, it generates the HTML that the browser downloads and the user can read with "view source".

The code (included files, asp files, whatever) can be requested by the user if they know where to look - but without permissions set to download them, all they can do is ask the server to execute them.

Mike
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
Comment Utility
There are all kinds of swindleware sites around the net.  You have managed to duplicate what a some of them try to sell to the gullible to "protect their code". As already indicated downloaders and packet snifers  pick it up.  So will script filters, memory mappers snapshots, and the better DOM inspectors. What you have created is a convoluted piece of code that does not work cross-browser; will not be accessible for anyone using devices for the visually impaired; will not be pick up by search engines; and is totally 100% unimpressive.  I've seen much better attempts in flash and using applets.  I've seen some pretty slick attempts using activeX and base64.  

On a scale of 1 to 10 this rates about 1.5 maybe even 2, but no higher because of low usability.

There are a handful of sites on the Internet that really have very advanced programming like MSDN, Ebay and CNN.  Given the huge investment they have and the enourmous resources; do you not wonder why they have not found a way to hide source?  Perhaps you should let Bill Gates know you have a solution and see how much the big sites are willing to pay.

Cd&
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
default.asp opens a frameset. into the frameset it calls main.asp and loader.asp, which uses a javascript variable to store the source.

main.asp pulls the source from the js variable and uses innerHTML replacement to put the source into the document, then loader.asp is replaced with cencel.asp, a blank document.

<html>
<head>
<META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>
</head>
<body>
<script language=Javascript>
if(window.frames.length==0)self.location='about:blank';
var html='<br><br<br><br><center><table><tr><td align=center valign=middle><img src=eyes.gif></td></tr></table>\n';
html+='<br><br><h1 style=font-family:impact>WARNING!<br><br>HTML SOURCE CODE IS PROTECTED!<br>Anyway, you are welcome to break it...&nbsp;<br><br><font size=6>Good Luck!</font></h4></center>\n';
try{
        top.content.add_(html);
        self.location='about:blank';
}
catch(e){}
</script>
</body>
</html>


consider it broken - and Cd&, you're over rating it, I wouldn't even give it 1/10 for ingenuity.

Mike
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
I was not looking for rating or was trying to impress people my question was as clear as it seems and not more then that. It was done in asp and I did not ask for flash or java.

> You have managed to duplicate what a some of them try to sell to the gullible to "protect their code"
I spend my own time and mind to do it I did not do the way you think I did it.
COBOLdinosaur I find your comment not appropriate and personaly softly insulting in the way where you try do disrespect my ability of understanding things while we are strangers to each other.
would you tell the same thing to somebody when you are face to face with each other? I think NOT, because you might get hurt and that is true...


0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
it's not done in asp at all, it's done in HTML and JavaScript. Just because the page has an .asp extension doesn't mean there's a scrap of server-side code involved.

Mike
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
this is the code behind

default.asp

<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>


<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">


<script language="Javascript">
function load_(){
   window.frames[0].location="main.asp"

}
</script>
</head>
<%
session("frames")="OK"
%>

<frameset rows="100%,0,0" frameborder="0" onload="load_()">
   <frame src="about:blank" name="content">
   <frame src="about:blank" name="loader" scrolling="no">
   <frame src="about:blank" name="helper" scrolling="no">
</frameset>


</html>
-------------------------------------------------------------------------------------------------



main.asp

<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
%>


<html>
<head>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">

<script language="Javascript">

function add_(html){
   document.body.innerHTML=html;
   window.parent.helper.location="cencel.asp";
}
function load(){
   window.parent.loader.location="loader.asp"
}
</script>
</head>

<body onload="load()" style="background-color:#000000;color:#555555" oncontextmenu="return false">

</body>

</html>
-------------------------------------------------------------------------------------------------

cencel.asp

<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"



response.write("<html>")
response.write("<head>")
response.write("<META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>")

response.write("</head>")
response.write("<body>")

session("frames")=null


response.write("</body>")
response.write("</html>")
%>
-------------------------------------------------------------------------------------------------



loader.asp

<%
Response.Expires = 0
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"

response.write("<html><head><META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE></head><body>")

set oBrowser = Server.CreateObject("MSWC.BrowserType")
if oBrowser.JavaScript=True then

if session("frames")="OK" then
response.write("<script language=Javascript>if(window.frames.length==0)self.location=" & "'" & "about:blank" & "'" & ";")
response.write("var html=" & "'" & "<br><br<br><br><center><table><tr><td align=center valign=middle><img src=eyes.gif></td></tr></table>\n" & "'" & ";")
response.write("html+=" & "'" & "<br><br><h1 style=font-family:impact>WARNING!<br><br>HTML SOURCE CODE IS PROTECTED!<br>Anyway, you are welcome to break it...<br><br><font size=6>&nbsp;Good Luck!&nbsp;</font></h4></center>\n" & "';")
response.write("try{top.content.add_(html);self.location=" & "'" & "about:blank" & "'" & ";}catch(e){}</script>")
session("frames")=null

else

response.write("<h2>The page source is protected, you cannot see it!</h2")

end if

end if

response.write("</body></html>")
%>
-------------------------------------------------------------------------------------------------
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
I know this is not the perfect way, but It's the mosth that Javascript, HTML and ASP can do with at this point. Using ActiveX will scare users off with its ugly message concerning activex action...
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 10

Expert Comment

by:frugle
Comment Utility
gee, that's clever.
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
whatever is this, but this is the most interesting thread to participate and great knowledge sharing.
I will just say Thanks to davidlars99 for bringing this to board.
Regards,
---Pinal
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
I really DO NOT WANT to spend more time with this script, but I'm 10000% sure that I can make it crossbrowser, I mean come on you know it's not a big deal right?
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
make it cross browser, make it work without javascript for lynx, make it accessible and make it readable by the search engines, then patent it and make a billion dollars.

see you in 20 years.

Mike
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
If I make that happen what are the chances to see me in 20 years on the scale of 0 to 10...?   -:)
0
 

Expert Comment

by:meclive
Comment Utility
The only way i know to make a website code unreadable is to encrypt it. A few programs offer this, regards.
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
you mean something like this..?
http://www.mailmontage.com/index_test.html
0
 

Expert Comment

by:meclive
Comment Utility
Yep, but if you know how you can still get the code... ;)
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
<HTML>
<HEAD>
<TITLE>Mail Montage</TITLE>
<META NAME="description" CONTENT="PSP Picture Tubes made from Scratch, Email Stationery for Outlook Express, E-Cards and PSP Tutorials">
<META NAME="keywords" CONTENT="email stationery, Outlook Express stationery, picture tubes, PSP tubes, scratch tubes, e-cards, ecards, psp ecards, psp e-cards, PSP Tutorials, Paint Shop Pro Tutorials, PSP7 Tutorials">

<link rel="SHORTCUT ICON" href="http://www.mailmontage.com/favicon1.ico">

<STYLE>A:HOVER {color:#FFFFFF;text-decoration-none}</STYLE>

</HEAD>

<BODY BACKGROUND="table1.gif" BGCOLOR=#877666 TEXT=#403531 LINK=#403531 VLINK=#403531 ALINK=#C5B8A8>
<BR>
<BR>
<CENTER><TABLE BACKGROUND="table2.gif" BGCOLOR=#C5B8A8 BORDER="3" BORDERCOLOR=#403531 WIDTH="90%" CELLPADDING="50" CELLSPACING="0">
<TR>
<TD WIDTH="100%">
<P><CENTER><TABLE BACKGROUND="table1.gif" BGCOLOR=#877666 color BORDER="3" BORDERCOLOR=#403531 WIDTH="100%" CELLPADDING="5" CELLSPACING="0">
<TR><TD WIDTH="100%">
<BR>
<center><IMG SRC="mailmontage.gif" ALT="Welcome to Mail Montage"></center>
<BR><BR>
<center><IMG SRC="lady.gif" ALT="Welcome to Mail Montage"></center>
<BR><BR><BR>
<center><FONT SIZE="6" FACE="ARIAL"><b>Welcome to Mail Montage</b></font></center><BR><BR>
<center><FONT SIZE="5" FACE="ARIAL">This website is divided into two areas<BR>
a Free Area for non-members and<BR>
and a paid Membership Area.
<BR><BR><BR>
In the Free Area you will find <A HREF="http://www.mailmontage.com/greetingcards.html"><FONT SIZE="5" FACE="ARIAL">E-Cards</FONT></A>
</font></center>
<center><FONT SIZE="5" FACE="ARIAL"><A HREF="http://www.mailmontage.com/stationery.html"><FONT SIZE="5" FACE="ARIAL">Email Stationery</FONT></A> for Outlook Express<BR>
<center><FONT SIZE="5" FACE="ARIAL"><A HREF="http://www.mailmontage.com/freetubes.html"><FONT SIZE="5" FACE="ARIAL">Free PSP Tubes</FONT></A> which I have made<BR>from tutorials available on the internet
<BR><BR><BR>
In the paid Membership Area you will find
<BR>my own mouse-drawn <A HREF="http://www.mailmontage.com/psptubes.html"><FONT SIZE="5" FACE="ARIAL">PSP Tubes</FONT></A><BR>
<A HREF="http://www.mailmontage.com/tutorials.html"><FONT SIZE="5" FACE="ARIAL">PSP Tutorials</FONT></A> which I have written<BR>
and my Seamless <A HREF="http://www.mailmontage.com/backgrounds.html"><FONT SIZE="5" FACE="ARIAL">Background Tiles</FONT></A>
<BR><BR><BR>
Thank you for visiting
<BR>
I hope you enjoy your stay!
</font></center>
<BR><BR>
<CENTER><!--WEBBOT bot="HTMLMarkup" startspan ALT="Site Meter" -->
<a href="http://s14.sitemeter.com/stats.asp?site=s14mailmontage" target="_top">
<img src="http://s14.sitemeter.com/meter.asp?site=s14mailmontage" alt="Site Meter" border=0></a>
<!--WEBBOT bot="HTMLMarkup" Endspan --></center>
<BR><BR>
<center><FONT SIZE="1" FACE="Arial"><B>Copyright ©2002-2004 Amanda Marsden</B></FONT></center>
<BR>
</td>
</tr>
</table></center>
</TD>
</TR>
</TABLE>
</CENTER>
</TD>
</TR>
</TABLE>
</CENTER>
<BR>
<BR>
<center><embed src="Casper-Enchanting.mid" width="140" height="40" autostart="false" loop="TRUE">
        </embed></center>
</BODY>
</HTML>


WOW!!! really worth protecting!

Mike
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
:-)
0
 

Expert Comment

by:kaht
Comment Utility
Hi, new to the site so sorry if this was already addressed above:

I type this into the address bar to see the source code for a page:

javascript:void(window.open("javascript:document.open(\"text/plain\");document.write(opener.document.body.parentNode.outerHTML)"))
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
this is very cool and tricky..! seems to me that it will only display spit out :-) if you know what I mean :-), like I said it's very cool I liked it...
BTW, very impressive first time at EE comment kaht...
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
OK, I did some improvments

it's crossbrowser and I think downloaders and packet snifers cannot grab the source, I tested it on my PC and it worked
only thing that sucks is, I can't check if Javascript is enabled or disabled from ASP in order to... you know what..! :-)

seems to me that browser cup doesn't do its job when you really need it
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
> packet snifers cannot grab the source

What planet are you on?

> seems to me that browser cup doesn't do its job when you really need it

most newer browsers can disable javascript when a page is loaded. how is your server going to know that?

To render a page, you NEED to send source to the browser. NOTHING on this earth will ever stop that.

If it's sent to a browser, it's already on the client's PC and can be read in one form or another.

Question: What is so innovative or unique about the page that you want to protect? It seems like your futile attempt to do the impossible is only the precursor to something stunningly groundbreaking - why don't you just get a patent out on the page BEFORE you put it in the public domain?

Mike
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
why's everybody keep thinking that  I want to protect my source code or it would be nicely over if I simply patent it... :-)
don't you realize my dear friend that uncle dave is having fun. if you don't want to be part of it then get out of the planet
whereever planet I'm from and you won't be frustrated or bothered... :-)
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
################
###                       ###
###  TROLL FOOD  ###
###                       ###
###      ------>       ###
###                       ###
################
               ##
               ##
               ##
               ##                                         @  @@
               ##                                        @@ @@
               ##                                   \____________/
---\|/------------------------\|/------------------------------

Ascii doesn't work too well on here, but the troll food is potent stuff :-)

Mike
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
and take your food with you... :-) :-)
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
OK, try now with sniffers... let's see what happens :)
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
Hello,
I am reallying having fun and I am reading all the comments. I agree with David that this good point and good to participate.
Another point.. who is Uncle DAVE (angry face). If it is you david that is fine.
If you are refering me --- I turned 25 last month. (smiles smiles)
Okey David if you really have made it cross platform. I will say good job buddy... way to go.
Regards,
---Pinal
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
well, I'll be 25 in nowember so you're older then I am... :) uncle dave, mike, bob and ect. is just an old jocky saying. It doesn't really mean that I qualify as uncle or I'm old enough to be the uncle   :) :) :)
0
 
LVL 21

Expert Comment

by:pinaldave
Comment Utility
You made my day Davidlars99. I have not laughed like this in three days. :):):)
---Pinal
0
 

Expert Comment

by:romeonyc77
Comment Utility
there is no real way to protect images or source, except if u use flash, but u can always use a screen capture to copy an image and then just crop it out in like Photoshop or something
0
 
LVL 9

Expert Comment

by:cwolves
Comment Utility
you can come very close to protecting images...at least make it so that most people can't d/l them:

set the img src to a 1x1px transparent image.  use CSS to set the background for that image to the real image.  put the CSS in an asp/php page and check the http_referer variable to see if it's coming from the correct page.

set a 100ms interval with javascript that clears the clipboard.

results:
they can't right-click/save the image because it saves the 1x1px image.
if they right click and get the path to the image they get path to the 1x1px image.
-most- people can't get the css file (the above method is the simplest way I know of of protecting source code and it works fairly well)
they can't do a print screen because the clipboard is "instantly" cleared.
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
cwolves,

Clear my clipboard without my consent and I'll be rather cross - I'd certainly never visit your website ever again, nor recommend it to any of my friends, associates or relatives. Congratulations, you've lost a visitor :-(

Whatever idiot lets javascript interfere with system processes deserves what they get :-)

Mike
0
 
LVL 9

Expert Comment

by:cwolves
Comment Utility
but you don't get my images!  *laughs*

okay, slight revision: look at the clipboard contents when they first hit the site.  If the contents change and it's an image (read the first few bytes of the clipboard), clear it then.
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
why not store the clipboard contents in a hidden field, and replace them if they change - so you're not deleting stuff - in fact why not submit that data back to yourself to see what people are hiding from you?

so, how do you wipe the image from the temporary internet files, or how do you cope with people faking the refering page in their browser headers?

how do you stop applications like grab-it and snapshot that don't use the clipboard?

how do you stop people printing to pdf then clipping the picture out of it?

how do you sleep at night knowing people could actually be VIEWING your website without your consent, storing it albeit temporarily on their screen - what if they just leave the browser open and hang the screen on their wall - a permanent copy of your site displayed to all visitors? hell, they could even charge admittance!!!

maybe you should get people to sign a disclaimer before they visit your page - or get the Men In Black to neuralise each visitor after 30 seconds!

opinions?

Mike
0
 
LVL 9

Expert Comment

by:cwolves
Comment Utility
I was giving an example if someone wanted to do it!

To be honest, if someone took their monitor and hung it on their wall with my website up on it and left it there, I'd be honored!  lol

you can pipe images through a scripting language (asp, php, etc) and turn caching off...no file in temp internet files.

printing prints the null.gif with the above example, even when printing to a pdf.

and grab-it and the like can't be stopped with javascript.

The above example still stops -most- people.

And as for everything else, my personal website is the most amazing website in the world...I could easily sell it for millions of dolalrs.  To prevent people from stealing it, it resides only in c:\inetpub on one of my home computers that doesn't have internet access of any kind.  If someone steals my computer, the files are encrypted with a 1024 byte key.  To anyone that wants -real- security, I suggest you follow suit.
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
it's amazing, I'm looking at it now!

Mike
0
 
LVL 9

Expert Comment

by:cwolves
Comment Utility
damn you!  I knew I shouldn't have told my cat the password!
0
 
LVL 9

Expert Comment

by:cwolves
Comment Utility
<HTML><HEAD>
<META http-equiv=PRAGMA content=NO-CACHE>
<SCRIPT language=Javascript>

function add_(html){
   document.body.innerHTML=html;
   top.helper.location="cencel.asp";
}
function load(){
    document.onselectstart=function(){return false}
    top.loader.location="loader.asp";
    setTimeout('shake2(10)',2000);
}
var i,j;
function shake2(n){
  for(i=10;i>0;i--) {
      for(j=n;j>0;j--){
            window.parent.moveTo(0,i);
          window.parent.moveTo(i,0);
          window.parent.moveTo(0,-i);
          window.parent.moveTo(-i,0);
      }
  }
}
</SCRIPT>
</HEAD>
<BODY oncontextmenu="return false" onmousedown=shake2(4) style="COLOR: #555555; BACKGROUND-COLOR: #000000" onload=load()><BR><BR<BR><BR>
<CENTER>
<TABLE>
<TBODY>
<TR>
<TD vAlign=center align=middle><IMG src="http://www.frozendev.com/temp/protect/eyes.gif"></TD></TR></TBODY></TABLE><BR><BR>
<H1 style="FONT-FAMILY: impact">WARNING!
<DIV></DIV><BR><BR>HTML SOURCE CODE IS PROTECTED!<BR>Anyway, you are welcome to break it...&nbsp;<BR><BR><FONT size=6>Good Luck!</FONT></H1></CENTER></BODY></HTML>
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
cwolves, it is very strange because I don't use these  "  and I don't have <tbody> tag either. your posted code looks totaly different to what I really have in there... but it's close, if you don't mind tell me how did you do it
0
 
LVL 3

Expert Comment

by:Fairco
Comment Utility
How about this?

default.asp
-------------
 <html>
 <head>
 <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
 <script language="Javascript">
 function load_(){
    window.frames[0].location="main.asp"
 }
 </script>
 </head>
 <frameset rows="100%,0,0" frameborder="0" onload="load_()">
    <frame src="about:blank" name="content">
    <frame src="about:blank" name="loader" scrolling="no">
    <frame src="about:blank" name="helper" scrolling="no">
 </frameset>
 </html>

main.asp
-----------
<html>
 <head>
 <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
 <script language="Javascript">
 function add_(html){
    document.body.innerHTML=html;
    top.helper.location="cencel.asp";
 }
 function load(){
     document.onselectstart=function(){return false}
     top.loader.location="loader.asp";
     setTimeout('shake2(10)',2000);
 }
 var i,j;
 function shake2(n){
   for(i=10;i>0;i--) {
       for(j=n;j>0;j--){
             window.parent.moveTo(0,i);
         window.parent.moveTo(i,0);
         window.parent.moveTo(0,-i);
         window.parent.moveTo(-i,0);
       }
   }
 }
 </script>
 </head>
 <body onload="load()" onmousedown="shake2(4)" style="background-color:#000000;color:#555555" oncontextmenu="return false">
 </body>
 </html>

loader.asp (you should really include some line breaks here! :) )
-------------
<html><head><META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE><noscript><meta HTTP-EQUIV=refresh CONTENT=0;url=cencel.asp></noscript></head><body style=overflow:hidden>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; (R1 1.3))<script language=Javascript>if(window.frames.length==0)self.location='about:blank';var html='<br><br<br><br><center><table><tr><td align=center valign=middle><img src=eyes.gif></td></tr></table>\n';html+='<br><br><h1 style=font-family:impact>WARNING!<div></div><br><br>HTML SOURCE CODE IS PROTECTED!<br>Anyway, you are welcome to break it...&nbsp;<br><br><font size=6>Good Luck!</font></h4></center>\n';try{top.content.add_(html);self.location='about:blank';}catch(e){}</script></body></html>

cencel.asp
------------
<html><head><META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE></head><body></body></html>



I got this code using a packet sniffer, namely Proxy Sniffer Free Edition V3.1 ( http://www.download.com/Proxy-Sniffer-Free-Edition/3000-2181-10284699.html ). It cached all the pages that went througth the browser and I just had to pick the files from the cache's GUI interface.

Davidlars, there's a typo error in the Javascript-wrapped HTML text in loader.asp. It opens a <h1> tag, but closes it using </h4>. The browsers do not care this though.
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
what if you have https instead..? is it still gonna sniff..?
0
 

Expert Comment

by:meclive
Comment Utility
I cant seem to get the source code of this website http://techrepublic.com.com/
dunno how its stopping me.
0
 

Expert Comment

by:meclive
Comment Utility
O well think its just my IE thats not working because i cant seem to any websites sorce code!
0
 
LVL 3

Expert Comment

by:Fairco
Comment Utility
>>  what if you have https instead..? is it still gonna sniff..?

The free version of the Proxy Sniffer does not, however the registered can sniff HTTPS. That's because this sniffer actually works as a proxy server for the browser, therefore it estabilishes the connection to the website on behalf on the browser and not sniffs a living connection. If it were just attaching to a living connection between the browser and the website, it could not sniff HTTPS. But using proxy theories it can easily capture any data.
0
 
LVL 51

Expert Comment

by:tedbilly
Comment Utility
Dave

I managed to get a copy of the your web page using the 'Save As' feature in IE.  I had the same content as Fairco when he used a packet sniffer.

The way that web servers work is preventing your page from being hidden.  Web pages are stateless (which makes my job very difficult). That means that when you connect to a website, the web server software compiles and renders a complete copy of the requested website and sends you ALL files, including links in frames or to other content such as images. Once you have downloaded all of the files required to render the page locally you are disconnected from that website.  Your browser then displays all of the content.

You could then disconnect from the web and the page is still visible because you have a local copy of all the files or images that are displayed.

Now it is simply a matter of finding all the files.  That job can be made more difficult by tricking the web browser.   All of your methods make that process more and more difficult, however, the files are all on the client's system.

Setting the no cache option doesn't help.  That means that the files will not be kept once the browser is closed or refreshed.  It doesn't mean that the files are not stored on the client system.  The web browser cannot render the web page without the files.

Even if you launch your page in a new browser without a menu's et al, I can still manually peruse the cache to find the webpage content.  In fact, I have had to do this on a web application that I was hired to fix that used XML and XSLT to render content onto 12 frames that included sub frames!  It was even hiding XML content in the header and I found every bit of it without a packet sniffer.

Until someone redesigns the HTTP or HTTPS protocol and designs new web servers and browsers with the new strategy, we can get your web page content.

Cheers
Ted
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
Ted,

This is what I was saying aeons ago ^ up there ;-)

The job is also compounded by the fact that AOL keep sending out hardcopies of the internet on CD Roms (called AOL Disks) - They are on version 9 of the internet now, and you will probably find that by the time they publish version 10 (the latest version of the internet) the source of your page and every ancillery file used to generate it, along with this conversation will be included on the AOL Disk.

The marketing bods at AOL are laughing at you right now!

Mike

 
0
 

Expert Comment

by:awwyeah
Comment Utility
Eventhough whatever you do, if it is not php generated or asp, in your web browser FILE > SAVE AS would save the webpage along with all the frames, pictures and then you can go ahead open the pages in notepad, wordpad or any text editor and still they will get the source code for the page. That's why people rip alot of html pages. However in flash that is impossible, unless you upload your .fla file and not your .swf file.
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
> in your web browser FILE > SAVE AS would save the webpage along with all the frames

in my example you can do SAVE AS but you wouldn't see source code... only Sniffers, nothing else
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
so, you got anything worth protecting then?

Mike
0
 
LVL 13

Author Comment

by:davidlars99
Comment Utility
no I don't and I don't think I will ever have, I'm just having a little fun, aren't you all..?
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
0
 

Expert Comment

by:awwyeah
Comment Utility
Nice graffiti, but I don't think its related to the question, is it?

--
awyeah
0
 
LVL 10

Expert Comment

by:frugle
Comment Utility
no, not to the question, but the thread in general.

The question was answered weeks ago, accepted and graded.

Mike
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Read about why website design really matters in today's demanding market.
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to dynamically set the form action using jQuery.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now