# Stop people from veiwing source code.



## x_twitch_x (Mar 29, 2006)

I have a no right click. But you can still go to veiw and click view source. How do i make it where people cannot view my source code?


----------



## thecoalman (Mar 6, 2006)

You can't, BTW disabling right click is useless too if the user has JS turned off. I'm pretty sure that doesn't even work at all in FF. The same issue comes up with images and for that there's a few things you can do to prevent the casual user from copying them but anyone trying to view the source isn't going to be a casual user. Even if you could disable it they'll know how to circumvent it.


----------



## Rockn (Jul 29, 2001)

If it is server side scripting like PHP it will not show on the viewer end either. If it is plain jane HTML who cares if they view it.


----------



## Eriksrocks (Aug 7, 2005)

They are correct there is no way to stop them from viewing it, and let me explain why:

HTML is how the web works. When you visit the website you request a copy of the webpage from the server... It sends you that webpage to view - it sends you the HTML code of the page (and parses any PHP into HTML before doing so). When you get it, the browser turns that HTML into the visual stuff that you see on the page. The browser parses the HTML, not the server.

So you can't effectively stop people from viewing the HTML because by the time the person is viewing the page it's already in the client's hands - the client has the data, and they can theoretically do whatever they want with it (ever heard of Greasemonkey?).


----------



## Sequal7 (Apr 15, 2001)

No right click *is* parsed with firefox, but it is user dependant on their browser. If they have javascript turned off in their browser it wont process the javascripts.

You can encrypt html, (but not hide it) and the programs to do that are *not free* that I know of.

Here's one example of view source protection
http://www.htmlcrypto.com/ (obviously try to view the pages source)
if the user has javascript turned off, it displays a message that it needs to be turned on to view the page.

here's another one, you need to enter *test* in the password field to get into this page, then you can try to view source.
http://www.html-protector.com/encrypt/sample.htm

IMHO the software is a waste of time unless you have a website that is constantly being hotlinked or material ripped off and your fed up.


----------



## brendandonhu (Jul 8, 2002)

Either of those can be reversed in a few seconds.


----------



## covert215 (Apr 22, 2006)

you can still copy the source code on that page...i generated an identical version of the first site in dreamweaver in 5 seconds


----------



## covert215 (Apr 22, 2006)

I love the first one (atleast in Firefox)...i right click and a popup comes up saying 'Right Click Disabled'...I click OK and the right click menu pops up

to get around it in any browser, you can just turn off JS after you load the page



> HTML-Crypto uses an incredibly powerful one-of-a-kind encryption algorithm that is guaranteed to ward off 99.9% of attempts to steal your code, making your site Hacker-proof


BS-Alert!


----------



## thecoalman (Mar 6, 2006)

For IE just paste this in the target field in a favorite:


```
javascript:void(document.onmousedown=null);void(document.onclick=null);void(document.oncontextmenu=null)
```


----------



## Eriksrocks (Aug 7, 2005)

covert215 said:


> to get around it in any browser, you can just turn off JS after you load the page


Not for the first one (HTML-Crypto). That one's pretty good for the average user, but a waste of money. (BTW how do you get around it? )

EDIT: Nevermind - the real source is just space out by a bunch of white space way down - they try to trick people even if they circumvented it. :up:


----------



## Eriksrocks (Aug 7, 2005)

> Its a mysterious menace, lurking in the depths of the net, on shadowy servers in third-world countries, on millions of unsuspecting victims computers, and right in the open. But one thing is for sure, it is a menace that you face.
> 
> The menace is cyber criminals. The hackers that break into personal computers and steal your credit card numbers, the spammers that fill your inbox, the vandals who deface your sites, all just for kicks. They cost businesses like yours billions of dollars a year. They are the constant threat that will never go away and will always plague you!


----------



## covert215 (Apr 22, 2006)

Use Firefox, load the page, turn off JS, and your good to go. All methods are gone. The code remains encrypted, but that doesn't stop me from going into notepad and copying it and replicating the site anyways.


----------



## Gibble (Oct 10, 2001)

Eriksrocks said:


> Not for the first one (HTML-Crypto). That one's pretty good for the average user, but a waste of money. (BTW how do you get around it? )
> 
> EDIT: Nevermind - the real source is just space out by a bunch of white space way down - they try to trick people even if they circumvented it. :up:


I was just going to say that.

I have JS Enabled...and I can see the source. No msg, nothing, just right click, and scroll down.

What a scam! They're trying to charge $97 per download.


----------



## redivivus (Mar 30, 2006)

http://www.html-protector.com/encrypt/sample.htm

How do you crack that one? Load the page, disable JS, and right click on the inner page and view source? Im guessing its all in a garbage frame?? I dont have rights on this PC so i cant try anything lol.


----------



## thecoalman (Mar 6, 2006)

I don't know anything about JS but I do know how to use Google. 



> HTML Protector actually "encrypts" your page by just converting each character to its escaped value. When the page is browsed, the browser runs the JavaScript in the page, and that JavaScript simply calls unescape on the escaped HTML. Decrypt.htm does exactly the same thing. If you take the escaped code from the HTML Protector sample page and call unescape on it, you get the HTML source code. Look at the source code of decrypt.htm. As you'll clearly see, I was able to bust the protection of HTML Protector with literally one line of code.


http://www.jimcosoftware.com/protect.aspx

You can enter the source code here to "unencrypt" it:

http://www.jimcosoftware.com/decrypt.htm

-------------------------------

Not much of a programmer but know a quite a bit about images... I'll challenge anyone to make one I can't copy.


----------



## brendandonhu (Jul 8, 2002)

Look at the source...all they've done is run the code through escape() so you run it through unescape() to undo it.


----------



## toniaxp (Sep 23, 2006)

There is no way to hide your source code but you can use a program such as zend which will encrypt it all so that it is unreadable to viewers.


----------



## brendandonhu (Jul 8, 2002)

Zend isn't going to chance anything they see in View Source, its going to show the same HTML.


----------



## Eriksrocks (Aug 7, 2005)

I think we've pretty much covered this already - *you can't hide the source code!*


----------



## Gibble (Oct 10, 2001)

Eriksrocks said:


> I think we've pretty much covered this already - *you can't hide the source code!*


And why would you care to? There's NOTHING in dHTML that you can do that no programmer with any skill couldn't duplicate with ease.


----------



## thecoalman (Mar 6, 2006)

Gibble said:


> And why would you care to?


To prevent people with no skilss from copying and pasting the the page you worked days to format would be one reason. Another would be outright theft of your entire site which does happen.


----------



## Gibble (Oct 10, 2001)

thecoalman said:


> To prevent people with no skilss from copying and pasting the the page you worked days to format would be one reason. Another would be outright theft of your entire site which does happen.


Seems like a waste of time to prevent either of those.

1. If they want to copy how to do something, who cares? You don't see car manufacturers welding their hoods shut so you can't see how the engine works! It's arrogant to think that some little bit of html, and css is so complex or mind blowing that you should keep it as a some sort of trade secret! HA! It's a waste of time.

2. If they want to copy your entire site, they won't use view source copy and paste, then grab each image, each css file, and each js file. They'll download one of a multitude of "site scraper utilities" to do it in minutes, rather than hours. Besides, the content is your intellectual property, and you have a legal case to charge them with theft/fraud/plagerism.

As a professional internet developer I really do get a kick out of the people who put those on their sites...amateur hack, is the first thing that comes to mind. They "think" they have something impressive hidden, when really...*anything* done in css, js and html is quite trivial.

If it's for security reasons, well, once again. Amateur. Everything related to security should be handled server side with a real programming language. Granted, preliminary js checks are nice to assist the user from entering invalid data, but EVERYTHING should be double checked server side.


----------



## Big-K (Nov 22, 2003)

agreed


----------



## thecoalman (Mar 6, 2006)

Gibble said:


> Seems like a waste of time to prevent either of those.
> 
> 1. If they want to copy how to do something, who cares? You don't see car manufacturers welding their hoods shut so you can't see how the engine works! It's arrogant to think that some little bit of html, and css is so complex or mind blowing that you should keep it as a some sort of trade secret! HA! It's a waste of time.


That would be your perogative, when I work on something I'm doing it for my benefit. You may may be able to easily duplicate it but that doesn't mean everyone can easily duplicate it. Programming languages such as PHP are much more complex obviously but creating a complex web page that works in all browsers isn't exactly easy either. Would you give something away you created simply because it can be duplicated, I doubt it and that is something I find arrogant.

BTW you're car analogy is quite good. They don't hide it because they can't. The car mechanic on the other hand isn't going to invite you in to let you watch how they fix it neither, especially if it's something that is easily fixed that only requires a little bit of prior knowledge.


----------



## Chicon (Jul 29, 2004)

There's another way to hide codes of a web page : use Flash programming, there will still be HTML code but only to trigger the Flash file (.swf format) in the user's browser.
Also, you can make very difficult the reverse engineering of your Flash files, there are freeware obfuscators and scramblers on line.
There are inconvenients for the user :
- the user will need the Flash plug-in installed in his browser,
- the web page may take a longer time to download (some Flash files may content every kind of medias like pictures, movies, sounds and therefore it make them heavy to download).


----------



## Gibble (Oct 10, 2001)

thecoalman said:


> That would be your perogative, when I work on something I'm doing it for my benefit. You may may be able to easily duplicate it but that doesn't mean everyone can easily duplicate it.


Which was my poont...just because it's difficult for the person who creates it, and wants to try and hide it, doesn't mean it's worth their time trying to hide it. Do you make money by hiding it? No. Do you lose money by hiding it? Not directly, but you wasted alot of time you could have been making money with.



thecoalman said:


> Programming languages such as PHP are much more complex obviously but creating a complex web page that works in all browsers isn't exactly easy either.


Yes it is...it really, really is.


thecoalman said:


> Would you give something away you created simply because it can be duplicated, I doubt it and that is something I find arrogant.


I do it all the time. I'm not going to give away a website I spent 8 hours designing, but I will post code online when I figure out some trick to sovle a common problem so others can learn and benefit.



thecoalman said:


> BTW you're car analogy is quite good. They don't hide it because they can't.


Sure they could. They could seal the hood shut, and force you to come to the dealer every time you want/need service done. But it's not worth the hassle.



thecoalman said:


> The car mechanic on the other hand isn't going to invite you in to let you watch how they fix it neither, especially if it's something that is easily fixed that only requires a little bit of prior knowledge.


Again, that's not entirely true. My father is a mechanic...if somebody wants to learn how to do something, he'll show them. The reason you aren't normally allowed into the service area in a shop is insurance. You aren't trained on the workplace hazards and put yourself and others at risk when you walk back there. Last I checked, shops still did alot of oil changes, despite it being an easy task and requiring very little knowledge. Fixing cars is easy, anybody can turn a wrench and change parts with the proper tools, diagnosing the problem is the hard part. The only reason a shop doesn't mind doing oil changes, since they make nothing on them, is because it keeps the customers coming back to them, and gives them an opportunity to find problems on the car which will make them money.

It all comes down to the green, and wasting time trying to hide HTML source isn't worth the time.


----------



## thecoalman (Mar 6, 2006)

Gibble said:


> I do it all the time. I'm not going to give away a website I spent 8 hours designing, but I will post code online when I figure out some trick to sovle a common problem so others can learn and benefit.


That's the point I'm trying to make, once you publish you just did give it away.



> It all comes down to the green, and wasting time trying to hide HTML source isn't worth the time.


Never siai d I would cause I know it's impossible, just said I would if I could.


----------



## CHwebby (Sep 29, 2006)

The only thing I have seen that you could use is a script from Dynmaic Drive that scrambles your HTML code called Source Code Encrypter. A bit more work than I personally think it's worth but here is the link and it's FREE

http://www.dynamicdrive.com/dynamicindex9/encrypter.htm


----------



## Gibble (Oct 10, 2001)

CHwebby all they do is urlescape the string. Replacing some characters with the an equivelant coded charachter. It's about as effective as me replacing vowels with special characters like this.

Th3 q*~ck br0wn f0x j~mp3d 0v3r the [email protected] d0g.

It's a farce.


----------



## CHwebby (Sep 29, 2006)

True.... but I guess it could/would deter newbies. I'm not big on hiding source code. Personally I have learned a lot from veiwing other's code. So I don't mind anyone looking at mine. Complete site rip-off's.... now that's another story. ;-)


----------



## Gibble (Oct 10, 2001)

CHwebby said:


> True.... but I guess it could/would deter newbies. I'm not big on hiding source code. Personally I have learned a lot from veiwing other's code. So I don't mind anyone looking at mine. Complete site rip-off's.... now that's another story. ;-)


In the case of a complete site rip-off you have legal avenues to explore. Lawsuits, etc.


----------



## CHwebby (Sep 29, 2006)

Eggggggg-xactly :-D Thanfully I haven't experienced that yet. Well at least not to my knowledge anyway. lol

by the way, I'm new to these forums. Surprised I haven't come across them before.


----------



## Gibble (Oct 10, 2001)

Welcome to TSG


----------

