INHOUSERES
asked on
Preventing some source code from being viewed
Hello experts.
I'm hoping you may be able to help me with an issue with Firefox.
We use an online reporting system called Dapresy and we use it to provide our clients with access to their customer data (we run satisfaction surveys).
We want to benchmark these clients against each other using this online system and we want it to be completely anonymous.
We've managed to make a chart that has all the scores on screen and you cannot see which score applies to which client. If you view the source code, it seems to show the source for only a certain part of the page - which is great!
However in firefox, if you press CTRL+A then click "View Selection Source" it shows the source code for the charts and then unfortunately shows the order in which the clients are.
We have the power to edit CSS and we can also put in some Custom HTML into the projects we have in the system.
I know it's probably useless having this without experts knowing anything about Dapresy (the online system), but I didn't know if there was any generic javascript, or CSS or other people who may have come across a way to prevent the "View Selection Source" option.
I'm hoping you may be able to help me with an issue with Firefox.
We use an online reporting system called Dapresy and we use it to provide our clients with access to their customer data (we run satisfaction surveys).
We want to benchmark these clients against each other using this online system and we want it to be completely anonymous.
We've managed to make a chart that has all the scores on screen and you cannot see which score applies to which client. If you view the source code, it seems to show the source for only a certain part of the page - which is great!
However in firefox, if you press CTRL+A then click "View Selection Source" it shows the source code for the charts and then unfortunately shows the order in which the clients are.
We have the power to edit CSS and we can also put in some Custom HTML into the projects we have in the system.
I know it's probably useless having this without experts knowing anything about Dapresy (the online system), but I didn't know if there was any generic javascript, or CSS or other people who may have come across a way to prevent the "View Selection Source" option.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
the general answer is "no", there wil always be a way to, once a page request has been made, to view that code. There are javascript techniques that you can use to discourage people from viewing source, but those people tech savy enough will generally find a way around those "discouraging" techniques. once the page has been served to the end user, anyone can just locate that page in their temp directory and view it from there.
ASKER
Thanks for the swift responses.
Kyle - It's kind of a WYSIWYG program so we don't have raw access to the databases. We upload data in .sav and one of the options I was thinking of would be to give clients a 5 letter/digit code to represent their company. This would probably change each month to keep it fresh.
This would be a last resort though.
Gary/CL - I thought this would be the case, but if you view the source without selecting then you don't see it. It works perfectly in IE and Chrome because you don't have the function to View Selection Source.
I also added this to the CSS to try and prevent highlighting. This only works properly in Chrome though:
-webkit-touch-callout: none;
-webkit-user-select: none;
-khtml-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
You cant click and drag to highlight in Firefox or Chrome, but you can in IE.
If I could prevent highlighting in Firefox, it may be enough prevention to ensure it's anonymity. Although it's not impossible, it's incredibly improbable that a client of ours would go to such lengths to find out who it who... However the more I can prevent, the better.
Kyle - It's kind of a WYSIWYG program so we don't have raw access to the databases. We upload data in .sav and one of the options I was thinking of would be to give clients a 5 letter/digit code to represent their company. This would probably change each month to keep it fresh.
This would be a last resort though.
Gary/CL - I thought this would be the case, but if you view the source without selecting then you don't see it. It works perfectly in IE and Chrome because you don't have the function to View Selection Source.
I also added this to the CSS to try and prevent highlighting. This only works properly in Chrome though:
-webkit-touch-callout: none;
-webkit-user-select: none;
-khtml-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
You cant click and drag to highlight in Firefox or Chrome, but you can in IE.
If I could prevent highlighting in Firefox, it may be enough prevention to ensure it's anonymity. Although it's not impossible, it's incredibly improbable that a client of ours would go to such lengths to find out who it who... However the more I can prevent, the better.
It must be loading in a frame or through ajax? Cannot tell from their site since they don't show an example That would explain why it's not directly visible in the browsers view source
The css you have covers all browsers so it should work in IE
Other option is to overlay a transparent div covering the page so you cannot actually select anything.
The css you have covers all browsers so it should work in IE
Other option is to overlay a transparent div covering the page so you cannot actually select anything.
Same approach . . . if the data is in .SAV then update .sav and replace the customer's name with something else. You're generating the .SAV from somewhere.
I would NOT recommend trying to just hide the data. Any JS function can be disabled, and with firebug you can pretty much do anything you want. The only way to truly secure this is to change / obfuscate the data before it's presented to the user.
I would NOT recommend trying to just hide the data. Any JS function can be disabled, and with firebug you can pretty much do anything you want. The only way to truly secure this is to change / obfuscate the data before it's presented to the user.
If you find a way to do this please notify me and we will patented the method and becomes billionaires. Seriously, a browser; ANY BROWSER is designed to do exactly what you are trying to prevent. You can spend all the time and effort you want, but it will be a waste, because if you find something that succeeds you will also have a method that prevents the browser from rendering the page.
On each of my browsers I have a button from an addon. When I click on the button it list my cache and I can do anything I want with the content from a site. A common addon? if you do a search for cache viewer Google will return about 10 million hits listing versions for every browser in the universe. Given the amount of effort to create that many variations, I would say the demand is high enough that they are commonly in use. However if you find a way we can get rich in a hurry.
Cd&
On each of my browsers I have a button from an addon. When I click on the button it list my cache and I can do anything I want with the content from a site. A common addon? if you do a search for cache viewer Google will return about 10 million hits listing versions for every browser in the universe. Given the amount of effort to create that many variations, I would say the demand is high enough that they are commonly in use. However if you find a way we can get rich in a hurry.
Cd&
ASKER
Probably have to to shelf this then...
The only way is to try and manipulate the data before it's HTMLised.
Looks like "Obfuscate" will be a new word in my vocab.
The only way is to try and manipulate the data before it's HTMLised.
Looks like "Obfuscate" will be a new word in my vocab.
There are js routines that can disable right click on the page but it takes all of 2 seconds to get around it