Question:
Block Source code?
g_playa_gent
2007-06-11 17:42:55 UTC
how can i stop people from downloading my web pages
or looking at my source code, any one know any reliable scripts.
Four answers:
Jan O
2007-06-11 17:55:49 UTC
A few ideas:

- If you disable directory enumeration you have won half the battle.

- Since a browser has to download the page in order to render it, you cannot prevent the client from looking at that code.

- If you execute as much code as possible on the server and just send plain HTML to the client you prevent the client from seeing the server side code.

- If you want to go to a lot of trouble, you can put your code in an ActiveX control. That has security and portability issues, of course.
Tony S
2007-06-12 02:12:00 UTC
Web pages can be created by serving purely client-side code from scratch or they can be built using server-side code, then serving client-side code to the web browser.



Server-side code should always be hidden and should not be visible unless the Web Server was mis-configured.



Client-side code must be entirely visible which is one reason why very secure applications are rarely written as web browser applications.



But, you do have a way to "keep honest people honest" and maybe even protect from unknowlegeable websurfers. Although you cannot encrypt your pages to hide from the websurfer, you can obfuscate the code which in most cases makes it illegible to casual viewing but can be easily decoded.



Been awhile since I've played around with this... Here is a Javascript obfuscator

http://www.javascript-source.com/javascript-obfuscator.html



A commercial tool that will obfuscate the entire page

http://www.antssoft.com/htmlprotector



A Sourceforge PHP/HTML obfuscator (Public License)

http://sourceforge.net/projects/iddin



The reason why HTML page obfuscation can't be anywhere as strong as encryption is because your page must be readable by anyone generally without installing a custom plugin that could decrypt the page, so the algorithm for modifying the code on the page is widely known and available to all.
oracle
2007-06-12 01:49:09 UTC
You can't. The only way to not show your code is to use a serverside scripting language like PHP, ASP and then all they see is the HTML results.



HTH
rmelnik@sbcglobal.net
2007-06-12 16:19:08 UTC
Also google for a free website auditor. That will tell you the issues. After resolving the issue, grab blackwidow and see if the website can still be ripped.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...