• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 955
  • Last Modified:

Hide/Encrypt HTML source like gmail?

Does anyone know how to hide or encrypt the HTML of a webpage so that it is not viewable by the user?

ie, if you log into a gmail account, and view the source, you'll see what I mean.

Thanks,
Scott.

ps, I know most people think it CAN'T be done effectively, so only optimists need respond ;-)
0
kbach
Asked:
kbach
1 Solution
 
sciwriterCommented:
You cannot encrypt HTML effectively, because, for any browser to render it, it must first be in plain text (with tags) -- so once it is in plain text, anyone can do "view source" and get all your code.  It is not possible.
0
 
sciwriterCommented:
But, being an optomist, I am working on ideas where you CAN encrypt the basic data you are presenting.  That is a new idea that many have not sought.  Even then, once it is rendered in HTML, the data on that page is still able to be gotten by anyone, using "view source".  The key is, don't put all the data in one page, make it difficult.

If it is CODE you are trying to protect, there is only ONE solution -- you must use a server language like PHP or CGI, or maybe even ASP -- because the server code RENDERS the file to HTML before anyone sees it, they see only the HTML, and not the source code, so your source code is "protected".
0
 
kbachAuthor Commented:
‹       Ó5¶0±0672¶0²°4137510 .×Qø  

This is what's returned by doing a view source in gmail.  My question is, how did they do that?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
sciwriterCommented:
Now the non-optimist would say -- "Well, you can use server code to render anything you want, but given the output, and knowing which server language rendered it, I can pretty-much reconstruct the code that produced that output".  And they are right.  Whatever shows in the browser is copyable to a file on anyone's hard disk.

So the key here is -- "What are you trying to protect?"  Is it code, is it data, is it both?  Or is it just images?

A lot of people disable the right-click to stop people saving images.  Doesn't work.  Just do "view source" for the page, find out the name of the image from the html code, point the browser to that image path, and bang, you have got the image.

Optimist or not, the reality is -- WHATEVER the browser shows on screen is in savable, copyable text.  It can be saved by anyone, and cloned, if they want.  Anything you do on the server is hidden, but what the user sees, all of that is "stealable".  That is the truth of the situation, good or bad.....
0
 
sciwriterCommented:
YOu are talking HTML, right, not gmail?  As long as the page comes to a person in HTML, it is not encrypted, and you cannot change that -- it is the browser "rules".  Gmail is not relevant to HTML.

I am working on encryption algorithms right now that will encrypt a bit database -- just like gmail, to run the text through a "cipher key" and it comes out as high-ascii, just like gmail shows.  And the main database looks much like what you printed, except most are like -- ╤╩∟■Ü♫Ü6╘89☼☻Ü?╩◙  that is high ascii.

However, once it gets into an html file, it is normal text, period.  Do you want to send people sncrypted code that is not in an HTML file?  That is another possibility, but how will they decode it to make it useful?
0
 
sciwriterCommented:
oops, those ascii figures were translated by the JSP that renders EE pages into numbers -- that is not what I originally put in my comment -- it is a numerica translation of what I actually typed in.... sorry....
0
 
sciwriterCommented:
The best you can do with HTML is OBFUSCATE IT -- make it difficult for the reader to figure out.  Remove all the spaces and lines between the code, pack it tight, put all the crucial stuff on one line, and use cryptic names for the various "labels" in your code.  As best, you can make HTML a pain in the neck to figure out.

However, we all go through this stage.  WHen we start creating HTML, we think it is SO unique, we must protect it.  Then the more you learn, the more you realize, Hey, the people that really know this stuff know a lot more than me.  Then you progress to the stage where you realize that anything you can think of, someone else out there knows how to do it better than you anyway.  Then finally, when you think you've become a guru, and you code is "worth protecting", that is about the time the browsers change all the rules, so you must learn it all over again....
0
 
m00003643Commented:
This page is informative on the subject:
http://dorward.me.uk/www/hide/

Like sciwriter said though, there is no fool proof way to protect your code.  However, I think the best semi-practical approach however is to do the following:

First, make your users access the protected page by using a javascript link from another page.  This link should have the menu turned off.  This will prevent your users from being able to use "view >> Source".

Secondly, the protected page should contain a javascript function that disables right-clicking.  This will obviously prevent them from using "right-click >> view source".

This is by no means fool proof though.  While it will block most curious visitors, anyone who is semi web savvy can simly disable javascript (however you can also use javascript to prevent your page from being displayed if javascript is turned off).

Beyond that, there is really little you can do.  The bottom line is that when you make your page available online, the source code MUST be sent to your users web browser, and therefore your code is necessarily on their computer, and relatively easy to view for one who knows what they're doing.

If you need the actual javascript coding for what I described above, just ask... good luck.
0
 
jericotolentinoCommented:
Try a program called HTML Protector. Maybe it'll work for you. It has a login feature too if you want one on your page. When you view the source, it's just a mass of letters that only the browser understands. It uses JS.

You'll have to shell a couple of bucks to get it, but I'll bet there are other programs that are free.

http://www.antssoft.com/htmlprotector

I've tried it before and it looks acceptable to me, but if you really need your page to be secure, follow sciwriter's suggestion about additional protection from JS using JS. ;-)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now