How to Hide your Source Code!

[zahid]

Hello,

        Friends i want to hide my source so can it possible ??


Thanks & Regards,
Zahid From Pakistan

[ChrisXPPro]

Most right click protect routines are not bullet proof ... particularly these days with all the browser add ons available.

I have a  very old script shown below which I had tucked away - maybe play with that.

Code: [Select]

<html>
<head>
<title>No-Right-Click-Script without Ugly Alert-Box</title>

<meta NAME="keywords" CONTENT="DHTML, JavaScript, right, click, code, Dynamic HTML, download, free, samples, applet">

<meta NAME="description" CONTENT="This little script prevents people from stealing your HTML-code or your
images by clicking on the right mousebutton. This script will NOT open an ugly alert-box! In fact it does nothing
at all besides displaying a little message on the status bar. Try right clicking anywhere inside this document in
order to test the script. No configuration needed. Pure copy-and-paste. Crossbrowser.">

<script>
<!--
// CREDITS:
// No Right Click Script without Ugly Alert-Box
// by Urs Dudli and Peter Gehrig
// Copyright (c) 2000 Peter Gehrig and Urs Dudli. All rights reserved.
// Permission given to use the script provided that this notice remains as is.
// Additional scripts can be found at http://www.24fun.com/fast/index.html
// [email protected]
// 10/12/2000

// IMPORTANT:
// If you add this script to a script-library or a script-archive
// you have to insert a link to http://www.24fun.com/fast/index.html
// right into the webpage where the script will be displayed.

// CONFIGURATION:
// Go to http://www.24fun.com/fast/index.html, open category 'utility' and
// download the script-file with step-by-step instructions for easy configuration

function right(e) {
if (document.layers && (e.which==3 || e.which==2))  {
window.status="NO RIGHT CLICK ALLOWED!"
return false;
}
else if (document.all && (event.button==2 || event.button==3)) {
window.status="NO RIGHT CLICK ALLOWED!"
openclosewindow()
return false;
}
}

function openclosewindow() {
var windownews=window.open("", "", "status=no,location=no,toolbar=no,menubar=no,resizable=no,scrollbars=no,width=50,
height=50,
top=20000,left=200");
windownews.close()
}
if (document.all) {
document.onmouseup=right;
window.onmouseup=right;
}
if (document.layers) {
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown=right;
}
//-->
</script>

</head>

<body>
<form>
<font size=1 face=Verdana color=000000><ul><b>No Right Click Script without Ugly Alert-Box</b><br><br>
This little script prevents your visitors from stealing your HTML-code or your images by clicking on the right mouse
button. This script will NOT open an ugly alert-box. In fact it does nothing at all besides displaying a little message
 on the status bar. Try right clicking anywhere inside this document in order to test the script. Crossbrowser.
No configuration needed. Pure copy-and-paste.<br><br><br>

<script src="http://www.24fun.com/affiliates/textinfospacemany.js"></script><br><br>

<b>Configuration:</b><br><br>
Add the following code between <b>&lt;head&gt;</b> and <b>&lt;/head&gt;</b> of your webpage:<br>
<input type=button onClick="this.form.code1.focus();this.form.code1.select()" value="select all" style="font-size:8pt"><br>
<textarea name="code1" cols="70" rows="10" style="font-size:8pt">
<script>
<!--
// CREDITS:
// No Right Click Script without Ugly Alert-Box
// by Urs Dudli and Peter Gehrig
// Copyright (c) 2000 Peter Gehrig and Urs Dudli. All rights reserved.
// Permission given to use the script provided that this notice remains as is.
// Additional scripts can be found at http://www.24fun.com/fast/index.html
// [email protected]
// 10/12/2000

// IMPORTANT:
// If you add this script to a script-library or a script-archive
// you have to insert a link to http://www.24fun.com/fast/index.html
// right into the webpage where the script will be displayed.

// CONFIGURATION:
// Go to http://www.24fun.com/fast/index.html, open category 'utility' and
// download the script-file with step-by-step instructions for easy configuration

function right(e) {
if (document.layers && (e.which==3 || e.which==2))  {
window.status="NO RIGHT CLICK ALLOWED!"
return false;
}
else if (document.all && (event.button==2 || event.button==3)) {
window.status="NO RIGHT CLICK ALLOWED!"
openclosewindow()
return false;
}
}

function openclosewindow() {
var windownews=window.open("", "", "status=no,location=no,toolbar=no,menubar=no,resizable=no,scrollbars=no,width=50,
height=50,
top=20000,left=200");
windownews.close()
}
if (document.all) {
document.onmouseup=right;
window.onmouseup=right;
}
if (document.layers) {
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown=right;
}
//-->
</script>
</textarea>

<br><br>

<a href="http://www.24fun.com/fast/index.html" target="_blank">>>> Download 100's of free funscripts</a>
</form>
</body>
</html>


[fffreak]

You can always use encryption/encoding, course it's not totally cracker proof but it will sustain the normal mundane user from stealing your source code. The No-Right-Click function is mostly used to stop people from right clicking on images and stealing them, people can still access your source code by going through the Navigation bar of most browsers((IE):View->Source). Of course that method of trying to block people from stealing images is not fully cracker proof either, for anyone that can read a little HTML code. But look into encryption/encoding, I made my own sort of encryption with a combination of Ascii and my own method in Javascript, of course I'm not going to show you that source code . But Ascii encryption is the most common method and will prevent the normal mundane user from stealing your code, just do a google search of "Ascii Encryption HTML", or something along the lines of that. That should help!

[BC_Programmer]

encryption is NOT obfuscation. converting text to the equivalent HTML character code (A etc...) is obfuscation. The same method used to create the ASCII equivalents can be used to reverse the process quite easily.


security by obfuscation is not security; it's just foolishness.

[fffreak]

encryption is NOT obfuscation. converting text to the equivalent HTML character code (A etc...) is obfuscation. The same method used to create the ASCII equivalents can be used to reverse the process quite easily.


security by obfuscation is not security; it's just foolishness.

Like I said, it is not cracker proof meaning anybody who knows how to convert Ascii back to the original HTML code that we as users can read, can easily steal and use the source code, There is no actual way to hide the source code of an HTML document. So if you have a better method of making the source code of an HTML document more read proof, because you obviously cannot hide it, than have at it. And believe it or not it's not foolishness, it does prevent the everyday web designer who has basic web designing skills from reading through the Ascii code and taking what they may want, plus there is a lot of people who out of pure laziness, don't even want to go through the process of converting Ascii back to HTML text. Like I said, I also use my own method of encryption through a combination of Javascript and Ascii. There is no fool-proof way to hide the source code though, so if you think you have a better solution than please do tell .

[BC_Programmer]

I've seen it used effectively. It could easily be applied at most sites with no worries.

Another method is to place most Source code within separate JS and VBS files, placed in a separate folder. (or anywhere, really). while the browser downloads the
 scripts along with all the rest of it, it can be more difficult to search through a cache
for a temporary file when you only know the extension.

I wasn't saying anything against your methods; I was merely saying that, as you said, there isn't a built-in way to do encryption up to and including page interpretation; the best we can do is make it difficult, which is usually enough. the question inevitably comes up as to wether it's worth it, and that depends wholly on the code being obfuscated.

Another wholly different route would be to try to place all code possible on the server-side; permissions can be set to completely disallow access to the code

[fffreak]

I've seen it used effectively. It could easily be applied at most sites with no worries.

Another method is to place most Source code within separate JS and VBS files, placed in a separate folder. (or anywhere, really). while the browser downloads the
 scripts along with all the rest of it, it can be more difficult to search through a cache
for a temporary file when you only know the extension.

I wasn't saying anything against your methods; I was merely saying that, as you said, there isn't a built-in way to do encryption up to and including page interpretation; the best we can do is make it difficult, which is usually enough. the question inevitably comes up as to wether it's worth it, and that depends wholly on the code being obfuscated.

Another wholly different route would be to try to place all code possible on the server-side; permissions can be set to completely disallow access to the code

Yes you are right about that, but don't forget that's not fool proof either, someone can easily read through the source code, find out what the names of the script files used on the web page, and open up their temporary internet files and view the source of the scripts that way as well. Plus you cannot encrypt the source code of the scripts when you save them seperately as their own file. I don't really think the poster wants to totally disallow access to the files using permissions on their web server, I'm pretty sure they want the files visible to a user when they pull up their site, I think that's why they asked if there was a way to hide the source code. But I still believe best way to do so, is to encrypt the source that way it makes it difficult for a web designer to pull what they want from the source code of the HTML document. That's just my opinion of course though .

[soybean]

ChrisXPPro, can you edit your first post and split up those long lines that are causing a need for massive horizontal scrolling to read the posts in this thread?

[ChrisXPPro]

Wow - sorry about that - I guess I hadn't checked that out when I posted!  I hate the horizontal scroll too - fixed it now.

[michaewlewis]

You could encrypt your sourcecode.........
http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

[kpac]

But it can be decrypted again...

Let's face it, there is no actual way to hide the source code.

You can't. The browser needs the HTML to render the page and there is no way to disable the view source item in the menu. And no-right-click scripts are dishonest, show arrogance, and are worthless because a view source item is usually in the Edit menu, which does not need to be right-clicked.

http://www.webdeveloper.com/forum/showthread.php?t=89947
http://www.programmingtalk.com/showthread.php?t=21985

[michaewlewis]

sure, it can be decrypted, but when someone looks at the source, they'll just close it and move on. Personally, I don't see why anyone would really want to hide their html source..... It's just a waste of time and it isn't even real programming. If you're doing something in your code that requires everything to be hidden, use server side scripting like php or aspx instead.

[BC_Programmer]

and it isn't even real programming.

This is an important point.

HTML is not a Programming language. It's a markup language.