Hiding the HTML source code

Discussion in 'OT Technology' started by Robotgod, Nov 19, 2003.

  1. Robotgod

    Robotgod Guest

    I know its not entirely possible to hide code, but im just looking to hide the source by View>Source. All i need is a low-tech solution for this. I only want to stop people from able to go and view the source, like most people know. Sure there are people who can find the code another way but im not worried about them. any help would be great, thanks.
     
  2. CyberBullets

    CyberBullets I reach to the sky, and call out your name. If I c

    Joined:
    Nov 13, 2001
    Messages:
    11,865
    Likes Received:
    0
    Location:
    BC, Canada/Stockholm, Sweden
    use javascript and disable right mouse button :)
     
  3. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    disabling the right click button is a good start. The users can always go up to View->Source to get it anyways, but just use this script in your source to disable the click.

    Code:
    <script language=javascript>
    var message="Function Disabled!";
        
    function clickIE4(){
      if (event.button==2){
       alert(message);
       return false;
     }
    }
    
    function clickNS4(e){
     if (document.layers||document.getElementById&&!document.all){
      if (e.which==2||e.which==3){
      alert(message);
      return false;
      }
     }
    }
    
    if (document.layers){
     document.captureEvents(Event.MOUSEDOWN);
     document.onmousedown=clickNS4;
    }
    else if (document.all&&!document.getElementById){
     document.onmousedown=clickIE4;
    }
    document.oncontextmenu=new Function("alert(message);return false")
    
    </script>
    
    i'm not sure that there is any other way to disable a user from viewing the HTML source.. after all... the whole document is streamed to the client for processing, so it will always be there and available.
     
  4. MP

    MP New Member

    Joined:
    Sep 10, 2002
    Messages:
    34,377
    Likes Received:
    0
    Location:
    Silicon Valley
    use php :)
     
  5. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    :confused: how does that matter? either way, the client recieves HTML doesn't matter the server language
     
  6. kingtoad

    kingtoad OT Supporter

    Joined:
    Sep 2, 2003
    Messages:
    55,918
    Likes Received:
    10
    Location:
    Los Angeles
    :wtf:

    Anyway... I don't think you could hide HTML source code. My friend insists on proving me wrong and says he's actually been to a site where the the View Source options were disabled. Also telling me when he did actually view the source, it showed up blank.

    I'm just like... yeah, okay dude. :bigthumb:

    I have yet to see it though.

    Even with all those pages that disable access to everything, you could just view-source:http://url in the browser and it comes up.
     
  7. crotchfruit

    crotchfruit Guest

    this is a pretty rad trick. :eek3: :eek3:
     
  8. Astro

    Astro Code Monkey

    Joined:
    Mar 18, 2000
    Messages:
    2,047
    Likes Received:
    0
    Location:
    Cleveland Ohio
    If you're serious and you have some time on your hands:

    Complete your HTML
    Encode it (many flavors to pick from, but you'll need Javascript to decode it)
    copy the encoded mess into a string
    have string decoded by a Javascript decoding function
    Use Javascript to output the decoded string

    Bullet proof? Maybe. Just have to be careful your target audience can run the Javascript. By default, the "Save As" will only save the Javascript with the encoded mess (and a right-click-view-source will just yeild the Javascript with the encoded mess). Mozilla's DOM viewer MIGHT be able to view some of the structure, but I haven't tried. To defeat this would just mean the user copies the encoded mess and figures out how to run it in the decoder and instead of dumping the output directly to the browser, they would need to get a little creative (like dump it in a text box).
     
  9. kingtoad

    kingtoad OT Supporter

    Joined:
    Sep 2, 2003
    Messages:
    55,918
    Likes Received:
    10
    Location:
    Los Angeles
    Wouldn't that seriously bog up loading time though?
     
  10. 5Gen_Prelude

    5Gen_Prelude There might not be an "I" in the word "Team", but

    Joined:
    Mar 14, 2000
    Messages:
    14,519
    Likes Received:
    1
    Location:
    Vancouver, BC, CANADA
    I think I know what he's talking about, no idea how to do it though. I've right clicked a few sites and come up with nothing, or next to nothing. I don't have any HTML training though so I could be way off. What about that "Try to hack this web site" site? Surely it must have done some tricky things?

    Like I said, I have no idea how it's done, but I think I know what your friend is talking about. Course, we could be both idiots too...
     
  11. Astro

    Astro Code Monkey

    Joined:
    Mar 18, 2000
    Messages:
    2,047
    Likes Received:
    0
    Location:
    Cleveland Ohio
    Who is uploading? You encode the page once and then FTP/upload it to your website and you're good to go. With some creativity, you COULD leave it in HTML with the idea you have some server side scripting to handle the encoding for you (this is getting fancy and doesn't directly relate to the topic at hand).

    Did you mean downloading to the client? No, not really, but it depends. If you have a crappy encoding scheme, then yes it will take longer. But what if you used an encoding scheme that compressed the data? That could work, but remember web servers can compress data on the fly too - meaning it might just be more work.

    The real draw back is if the processing power on the client machine can't keep up, it will look like the page is loading slow. But by now, if you're on the 'net, you probably have a P100 or faster machine and handling this code shouldn't be a huge problem unless your algorithm really sucks.
     
  12. Leb_CRX

    Leb_CRX OT's resident terrorist

    Joined:
    Apr 22, 2001
    Messages:
    39,994
    Likes Received:
    0
    Location:
    Ottawa, Canada
    the right click disable sucks, if you right click real fast a few times and hitting esc or whatever after, you'll get the menu eventually, try it :big grin:
     
  13. Divine Vengeance

    Divine Vengeance New Member

    Joined:
    May 21, 2003
    Messages:
    20,453
    Likes Received:
    0
    :werd: if you left-click then immediately follow it by a right-click, you'll fuck over the the script. The View Source option pretty much sends JS disables to hell though, if someone is determined enough.
     
  14. samm

    samm Next in Line

    Joined:
    Dec 22, 2000
    Messages:
    2,630
    Likes Received:
    0
    Location:
    San Jose, CA
    Many html code obfuscators exist. Do a google search. It won't disable the view source button, but it will make your code hard to understand.
     
  15. kingtoad

    kingtoad OT Supporter

    Joined:
    Sep 2, 2003
    Messages:
    55,918
    Likes Received:
    10
    Location:
    Los Angeles
    My mistake for miswording, I meant bog-up loading time. Hehe.
    Yeah, I figured if the user had a slow machine it would cause loading times rather harsh for them.

    In all honesty, I wouldn't worry about encrypting source code with such things. I mean, it's just HTML, and if it was that important you could throw a copyright on it.
     
  16. Robotgod

    Robotgod Guest

    reason why i was wanting to know was cause i have this login page and in the script for the thing it has usernames and passwords. Its in javascript and the form is in html if that makes a difference
     
  17. Zourn

    Zourn 16-bit Ninja OT Supporter

    Joined:
    Apr 3, 2002
    Messages:
    2,354
    Likes Received:
    0
    Location:
    Texas
    Remember, K.I.S.S.
    Keep It Simple Stupid.
    Use Frames, not foolproof, but it helps.
     
  18. frinky23

    frinky23 Bangle Sackrider

    Joined:
    Sep 10, 2002
    Messages:
    11,246
    Likes Received:
    0
    Location:
    Prestigious Cook County
    That's a very unsafe design and I would recommend NOT using it. You cannot keep the source a secret.
     
  19. Astro

    Astro Code Monkey

    Joined:
    Mar 18, 2000
    Messages:
    2,047
    Likes Received:
    0
    Location:
    Cleveland Ohio
    Because we don't know the application for this login page, all we can say is that is TOTALLY INSECURE. Even with the methods given above, those are only going to stop the clueless ones.

    To handle login processing you have two choices: server side scripting (PHP, ASP, Java, Perl, whatever) or use the server's security (Apache: .htaccess, NT: basic authentication for the directory).
     
  20. Penguin Man

    Penguin Man Protect Your Digital Liberties

    Joined:
    Apr 27, 2002
    Messages:
    21,696
    Likes Received:
    0
    Location:
    Edmonton, AB
    Or wget url on Linux :)
     

Share This Page