kbach
asked on
Hide/Encrypt HTML source like gmail?
Does anyone know how to hide or encrypt the HTML of a webpage so that it is not viewable by the user?
ie, if you log into a gmail account, and view the source, you'll see what I mean.
Thanks,
Scott.
ps, I know most people think it CAN'T be done effectively, so only optimists need respond ;-)
ie, if you log into a gmail account, and view the source, you'll see what I mean.
Thanks,
Scott.
ps, I know most people think it CAN'T be done effectively, so only optimists need respond ;-)
You cannot encrypt HTML effectively, because, for any browser to render it, it must first be in plain text (with tags) -- so once it is in plain text, anyone can do "view source" and get all your code. It is not possible.
But, being an optomist, I am working on ideas where you CAN encrypt the basic data you are presenting. That is a new idea that many have not sought. Even then, once it is rendered in HTML, the data on that page is still able to be gotten by anyone, using "view source". The key is, don't put all the data in one page, make it difficult.
If it is CODE you are trying to protect, there is only ONE solution -- you must use a server language like PHP or CGI, or maybe even ASP -- because the server code RENDERS the file to HTML before anyone sees it, they see only the HTML, and not the source code, so your source code is "protected".
If it is CODE you are trying to protect, there is only ONE solution -- you must use a server language like PHP or CGI, or maybe even ASP -- because the server code RENDERS the file to HTML before anyone sees it, they see only the HTML, and not the source code, so your source code is "protected".
ASKER
‹ Ó5¶0±0672¶0²°4137510 .×Qø
This is what's returned by doing a view source in gmail. My question is, how did they do that?
This is what's returned by doing a view source in gmail. My question is, how did they do that?
Now the non-optimist would say -- "Well, you can use server code to render anything you want, but given the output, and knowing which server language rendered it, I can pretty-much reconstruct the code that produced that output". And they are right. Whatever shows in the browser is copyable to a file on anyone's hard disk.
So the key here is -- "What are you trying to protect?" Is it code, is it data, is it both? Or is it just images?
A lot of people disable the right-click to stop people saving images. Doesn't work. Just do "view source" for the page, find out the name of the image from the html code, point the browser to that image path, and bang, you have got the image.
Optimist or not, the reality is -- WHATEVER the browser shows on screen is in savable, copyable text. It can be saved by anyone, and cloned, if they want. Anything you do on the server is hidden, but what the user sees, all of that is "stealable". That is the truth of the situation, good or bad.....
So the key here is -- "What are you trying to protect?" Is it code, is it data, is it both? Or is it just images?
A lot of people disable the right-click to stop people saving images. Doesn't work. Just do "view source" for the page, find out the name of the image from the html code, point the browser to that image path, and bang, you have got the image.
Optimist or not, the reality is -- WHATEVER the browser shows on screen is in savable, copyable text. It can be saved by anyone, and cloned, if they want. Anything you do on the server is hidden, but what the user sees, all of that is "stealable". That is the truth of the situation, good or bad.....
YOu are talking HTML, right, not gmail? As long as the page comes to a person in HTML, it is not encrypted, and you cannot change that -- it is the browser "rules". Gmail is not relevant to HTML.
I am working on encryption algorithms right now that will encrypt a bit database -- just like gmail, to run the text through a "cipher key" and it comes out as high-ascii, just like gmail shows. And the main database looks much like what you printed, except most are like -- ╤╩∟σ
However, once it gets into an html file, it is normal text, period. Do you want to send people sncrypted code that is not in an HTML file? That is another possibility, but how will they decode it to make it useful?
I am working on encryption algorithms right now that will encrypt a bit database -- just like gmail, to run the text through a "cipher key" and it comes out as high-ascii, just like gmail shows. And the main database looks much like what you printed, except most are like -- ╤╩∟σ
However, once it gets into an html file, it is normal text, period. Do you want to send people sncrypted code that is not in an HTML file? That is another possibility, but how will they decode it to make it useful?
oops, those ascii figures were translated by the JSP that renders EE pages into numbers -- that is not what I originally put in my comment -- it is a numerica translation of what I actually typed in.... sorry....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This page is informative on the subject:
http://dorward.me.uk/www/hide/
Like sciwriter said though, there is no fool proof way to protect your code. However, I think the best semi-practical approach however is to do the following:
First, make your users access the protected page by using a javascript link from another page. This link should have the menu turned off. This will prevent your users from being able to use "view >> Source".
Secondly, the protected page should contain a javascript function that disables right-clicking. This will obviously prevent them from using "right-click >> view source".
This is by no means fool proof though. While it will block most curious visitors, anyone who is semi web savvy can simly disable javascript (however you can also use javascript to prevent your page from being displayed if javascript is turned off).
Beyond that, there is really little you can do. The bottom line is that when you make your page available online, the source code MUST be sent to your users web browser, and therefore your code is necessarily on their computer, and relatively easy to view for one who knows what they're doing.
If you need the actual javascript coding for what I described above, just ask... good luck.
http://dorward.me.uk/www/hide/
Like sciwriter said though, there is no fool proof way to protect your code. However, I think the best semi-practical approach however is to do the following:
First, make your users access the protected page by using a javascript link from another page. This link should have the menu turned off. This will prevent your users from being able to use "view >> Source".
Secondly, the protected page should contain a javascript function that disables right-clicking. This will obviously prevent them from using "right-click >> view source".
This is by no means fool proof though. While it will block most curious visitors, anyone who is semi web savvy can simly disable javascript (however you can also use javascript to prevent your page from being displayed if javascript is turned off).
Beyond that, there is really little you can do. The bottom line is that when you make your page available online, the source code MUST be sent to your users web browser, and therefore your code is necessarily on their computer, and relatively easy to view for one who knows what they're doing.
If you need the actual javascript coding for what I described above, just ask... good luck.
Try a program called HTML Protector. Maybe it'll work for you. It has a login feature too if you want one on your page. When you view the source, it's just a mass of letters that only the browser understands. It uses JS.
You'll have to shell a couple of bucks to get it, but I'll bet there are other programs that are free.
http://www.antssoft.com/htmlprotector
I've tried it before and it looks acceptable to me, but if you really need your page to be secure, follow sciwriter's suggestion about additional protection from JS using JS. ;-)
You'll have to shell a couple of bucks to get it, but I'll bet there are other programs that are free.
http://www.antssoft.com/htmlprotector
I've tried it before and it looks acceptable to me, but if you really need your page to be secure, follow sciwriter's suggestion about additional protection from JS using JS. ;-)