PDA

View Full Version : Disabling View Source?



deadpoeticstar
03-24-2005, 05:56 PM
is there a script that will disable view source altogether?

mwinter
03-24-2005, 06:32 PM
is there a script that will disable view source altogether?No. It is impossible. Anything that is publically accessible can be saved and viewed at the user's leisure, and there is nothing you can do about that.

In any case, nobody's mark-up is so special that it needs hiding or protecting.

Mike

jscheuer1
03-24-2005, 07:59 PM
You can encrypt it. Seems like alot of bother to me. You can use scripts to make it difficult, but you cannot hide it from me or anyone with a little more than basic knowledge of the workings of their browser.

mwinter
03-24-2005, 08:26 PM
You can encrypt it.No you can't, at least not in any way that actually means something. If the user agent can decrypt it - and it has to - so can anyone else. For instance, Firefox allows access to the document tree using the DOM Inspector. You can export the document, which will give you the source code that is equivalent to the current state of the page. So again: it's impossible.

Mike

selece28
04-01-2005, 09:10 AM
but can we use script to prevent someone from downloading/saving our web page. I'f seen some website that can do that. When we use the commom "save page as..." from our browser, it only save 1kb of empty htm page to my Hdd.
I wanna know how to do this.
I know that theres some program out there that can d/l all content from a website, but i just wanna know how to protect our website from the common "save page as..." from common browser. Thanks

mwinter
04-02-2005, 12:32 AM
but can we use script to prevent someone from downloading/saving our web page.No. I've said that already.


I'f seen some website that can do that.Care to provide a link?


When we use the commom "save page as..." from our browser, it only save 1kb of empty htm page to my Hdd.I find that hard to believe.

In order for any user agent to render a document, it must download the mark-up and any other additional resources indicated. If that data has been downloaded, it is on the user's computer, and if it's on the computer it can be saved. It's as simple as that.

The Web is a system originally motivated to allow the sharing of information. The very concept of "hiding" (outside authentication, access controls, and the like) doesn't fit at all. That's why when I say "No", I mean it.

Mike

Chuck
04-02-2005, 11:42 AM
There are several programs that allow you to protect your content. Some work by running a script that basically hides the content using some sort of encrpytion or other methods and when a browser opens your site it runs the script which displays the original content. If you "view source" you see a bunch of garbage. I am sure you have seen emails with strange story lines that don't make sense but they translate into the content. As I said there are many methods out there. You have the option of encrypting various levels also instead of the entire file. The options vary. I see more and more sites protecting their content these days.

Artists can also protect their images using similar programs. I can go on and on talking about this topic... :)

There are others besides that one example that allow you to protect different levels of your source files such as anything between the BODY tags or ALL TAGS or even just your text outside of any TAGS. I have tried several of these programs out and like anything else available some are worth trying and some aren't. Most of them were free from what I remember. The ones that required payment or a donation to keep using weren't any better than some of the free ones.

Try doing a search for HTML Protection and you'll find loads of them to try. I am not sure what the rules are around here about mentioning names so PM me and I will tell you the ones I liked the best and still use. Yes, that was plural. I never have found one of anything that can do it all. I use one that makes email addresses safe from web bots. That one was worth paying for but it was free. I actually sent the author a few bucks via PayPal with a "thank you!" message. I believe in trying stuff for free but if it's good and you're going to keep using it I believe in paying for it too.

Hope I helped, I didn't read the entire thread. If I am off topic or missed something I apologize.

Chuck :D

mwinter
04-02-2005, 02:17 PM
I'm getting sick of this topic. :mad: How many times do I have to say it's impossible!


There are several programs that allow you to protect your content. Some work by running a script [...]That script is client-side, and has to be run by the user agent in order to get the original mark-up. Instead of writing the output into a document, you could simply write into a textarea element, or something similar. If you have Firefox, it's even easier: it allows you to export the entire document tree - the one that exists after scripts have been executed. That is certainly impossible to prevent.

Now, can we drop this nonsense? It doesn't take a genius to understand that the content on the Web cannot be protected. You can make it hard, but far from impossible. If someone is intent on getting the content - and your content isn't really worth the effort, I'm certain - you will do nothing to stop them. Moreover, these encryption mechanisms make your site reliant on scripting which is pointless. Not only do you reduce the number of potential vistors, but what you're attempting doesn't even work so you've excluded these others for no reason!

For feck's sake. Think, people!


I use one that makes email addresses safe from web bots.Those don't work, either. A bot could simply piggyback on a user agent that would run the script, then iterate through the links collection to find mailto URIs. I also know there's one program (though I forget its name) that can execute client-side scripts directly, anyway.

If you want to bury your heads in the sand, thinking that rubbish like this works, fine. I'm fed up of trying to persuade you otherwise.

Mike

Chuck
04-02-2005, 03:04 PM
Sorry Mike,

I didn't mean to beat a dead horse when I ran across this thread.

I now understand what you were referring to and I agree with you completely! You are absolutely correct. If someone wants it they can get it and quite easily if they know what they are doing.

Like locks on doors are for honest people so are most of the little scripts with warnings and the other stuff mentioned in previous posts. Depending on the level of protection most people aren't going to bother. It's isn't worth the time or trouble to get at your source code and for those people who can get at it easily enough anyway have no real need to anyway since they can probably write the same stuff faster then it takes to grab yours.

I am new here so how or who can close the thread?

Chuck

mwinter
04-02-2005, 05:00 PM
Sorry Mike,It is I who should apologise. Your post got me riled up and it shouldn't have.


I didn't mean to beat a dead horse when I ran across this thread.I don't mind going over the same topics (though of course, there is an eventual limit)...


I now understand what you were referring to and I agree with you completely!...as long as the message gets across. I tend to choose my words carefully, so "impossible" isn't a word I'd use lightly. To then be repeatedly challenged is just infuriating.

So again, my apologies to you.


I am new here so how or who can close the thread?Only the moderator (ddadmin (http://www.dynamicdrive.com/forums/member.php?u=1)), I believe. I've only created one thread here (a treatise, not a question) and I can't close that.

Mike

fatbear
04-10-2005, 05:32 PM
It is interesting that when I visit www.google.com (http://www.google.com), even though the View > Source menu exists, when I click it, nothing happens (same with right click > View Source). When I visit one of my own websites, doing the same thing does reveal the source code.

So how does Google do that trick?

Enjoy,
fatbear

cr3ative
04-10-2005, 07:12 PM
Uhm:


<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google</title><style><!--
body,td,a,p,.h{font-family:arial,sans-serif;}
.h{font-size: 20px;}
.q{color:#0000cc;}
//-->
</style>
<script>
<!--
function sf(){document.f.q.focus();}
// -->
</script>
</head><body bgcolor=#ffffff text=#000000 link=#0000cc vlink=#551a8b alink=#ff0000 onLoad=sf() topmargin=3 marginheight=3><center><img src="/intl/en_uk/images/logo.gif" width=276 height=110 alt="Google"><br><br>
<form action=/search name=f><script><!--
function qs(el) {if (window.RegExp && window.encodeURIComponent) {var qe=encodeURIComponent(document.f.q.value);if (el.href.indexOf("q=")!=-1) {el.href=el.href.replace(new RegExp("q=[^&$]*"),"q="+qe);} else {el.href+="&q="+qe;}}return 1;}
// -->
</script><table border=0 cellspacing=0 cellpadding=4><tr><td nowrap><font size=-1><b>Web</b>&nbsp;&nbsp;&nbsp;&nbsp;<a id=1a class=q href="/imghp?hl=en&tab=wi" onClick="return qs(this);">Images</a>&nbsp;&nbsp;&nbsp;&nbsp;<a id=2a class=q href="/grphp?hl=en&tab=wg" onClick="return qs(this);">Groups</a>&nbsp;&nbsp;&nbsp;&nbsp;<a id=4a class=q href="/nwshp?hl=en&tab=wn" onClick="return qs(this);">News</a>&nbsp;&nbsp;&nbsp;&nbsp;<a id=5a class=q href="/frghp?hl=en&tab=wf" onClick="return qs(this);">Froogle<sup><a style="text-decoration:none"><font color=red>New!</font></a></sup></a>&nbsp;&nbsp;&nbsp;&nbsp;<b><a href="/options/index.html" class=q>more&nbsp;&raquo;</a></b></font></td></tr></table><table cellspacing=0 cellpadding=0><tr><td width=25%>&nbsp;</td><td align=center><input type=hidden name=hl value=en><input maxLength=256 size=55 name=q value=""><br><input type=submit value="Google Search" name=btnG><input type=submit value="I'm Feeling Lucky" name=btnI></td><td valign=top nowrap width=25%><font size=-2>&nbsp;&nbsp;<a href=/advanced_search?hl=en>Advanced Search</a><br>&nbsp;&nbsp;<a href=/preferences?hl=en>Preferences</a><br>&nbsp;&nbsp;<a href=/language_tools?hl=en>Language Tools</a></font></td></tr><tr><td colspan=3 align=center><font size=-1>Search: <input id=all type=radio name=meta value="" checked><label for=all> the web</label><input id=cty type=radio name=meta value="cr=countryUK|countryGB" ><label for=cty>pages from the UK</label></font></td></tr></table></form><br><br><font size=-1><a href="/ads/">Advertising&nbsp;Programmes</a> - <a href=/services/>Business Solutions</a> - <a href=/intl/en/about.html>About Google</a> - <a href=http://www.google.co.uk/jobs/>We're Hiring</a> - <a href=http://www.google.com/ncr>Go to Google.com</a></font><p><font size=-2>&copy;2005 Google - Searching 8,058,044,651 web pages</font></p></center></body></html>

You've got cr3ative confused...

jscheuer1
04-10-2005, 08:03 PM
He meant the other Google. Anyways, one cheap way to get a similar yet different effect (for those in the audience, Google's source is as open as 99.99999999% of web), is to put one or more page(s) worth of whitespace at the top of your source code.

cr3ative
04-11-2005, 04:33 PM
He meant the other Google.

Aargh, this thread is confuzzling me? What other google?

I either use .co.uk because it's localised for me, or .co.ck because it's more fun. :p

-cr3

jscheuer1
04-11-2005, 05:44 PM
Sorry cr3,
Aargh, this thread is confuzzling me? What other google?I meant that as a joke, like "your other left" when giving directions. There is no Google I know of with that kind of source 'protection'.

Yesideez
04-25-2005, 04:09 PM
No. It is impossible.

Well how do they do it on here then?

http://www.bootleggers.us

If that link doesn't work try http://70.85.86.28/

If you register an account and log in then try viewing ANY of the source in Internet Explorer you get absolutely nothing.

cr3ative
04-25-2005, 05:18 PM
I can't believe I actually bothered to screenshoot how simple it is to get the source here.

IT'S A FRAMES PAGE, so you have to view the correct frame's source.

http://img11.echo.cx/img11/4295/screen0pq.gif

cr3ative


I hate compulsory registrations, so if anyone else feels like logging in, use mine:

user cr3ative
pass w77q5rac

mwinter
04-25-2005, 05:42 PM
Well how do they do it on here then?

http://www.bootleggers.usThey don't. I can still view the source. Want it? Here's the News page you see when you log in.



<html>
<head>
<title>Bootleggers :: v1.4 :: News</title>
<link rel="stylesheet" type="text/css" href="/includes/main.css">
</head>
<body bgcolor="#333333" text="#FFFFFF" topmargin="0">


<!-- //JavaCheck Updated by Nohau - Stops some scripts and stops people from being banned accidently. -->
<script language="JavaScript1.1" src="/framechecker.js"></script>

<table width="100%" border="0" cellpadding="0" cellspacing="0" bgcolor="#5C5C5C">

<tr><td><img src="http://www.bootleggers.us/l.gif" /></td>
<td width="100%" background="http://www.bootleggers.us/m.gif">

<center>
<marquee direction="up" scrollamount="1" height="40" width="100%">
<table border="0" cellspacing="0" cellpadding="0" bordercolor="black" width="80%" class="sub">


</table>
</marquee>
</center>

</td>
<td><img src="http://www.bootleggers.us/r.gif" /></td>
</tr>
</table>
<br />
<br /><center>
<table width=80% cellspacing=0 cellpadding=2 border=1 bordercolor=black class=sub2>
<tr>
<td colspan=2 class=header><center>11-17-2004 Update</center></td>
</tr>
<tr>
<td>
As many of you already know, the game was rolled back to Sunday, November 14, 2004 7 PM Boot Time. It was conducted in the wee hours of the morning, so if you have just logged in today and wondering why your money, rank, points are a lot lower, this is the reason why. Please don't message mods asking for them back (it sorta defeats the purpose of the rollback).<br />
<br />

The main reason for the rollback was to correct an OC bug that was giving people an extrordinary amount of exp. points that was causing people to rank very fast. Contrary to rumours, We did not roll back because of people complaining that they missed out on the OC.<br />
<br />
Also, there was another downtime today that was caused by the database server crashing. Hopefully, all the downtimes will be finished for quite some time and we can all concentrate on more important matters.<br />
<br />
At the moment, organized crimes has been disabled and we currently do not have an ETA when it will be back up. <br />
<br />
Since the database was also upgraded, there may be some bugs that crops up - please report any bugs that were not there before to the help desk<br />
<br />
For more info, check the "Rollback" topic in Game Forums<br />
<br />
I appreciate your patient and understanding. Thanks and have fun!

<br /><br />

<div align=right> - dreamnid</div>
</td>
</tr>
</table>
<br />

<table width=80% cellspacing=0 cellpadding=2 border=1 bordercolor=black class=sub2>
<tr>
<td colspan=2 class=header><center>Welcome Back</center></td>
</tr>
<tr>
<td>

Welcome back from the reset. Good luck!

<Br><br>

<div align=right> - BSF2000</div>
</td>
</tr>
</table>
</center>



<br /><br />
<center>

<table border="1" cellspacing="0" cellpadding="2" bordercolor="black" class="sub2">

<tr>
<td><b>Crew:</b> None</td>
<td><b>Rank:</b> Scum</td>
<td><b>Cash:</b> $1,500</td>

<td><b>Health:</b><td bgcolor=green width=100 align=center>100%</td><td class=sub2 width=0 align=center>&nbsp</td></td>
</tr>
<tr>
<td colspan=2><b>Gun:</b> None (0 Bullets)</td>
<td colspan=4><b>Protection:</b> None</td>

</tr>
</table>

<br>

<a href="http://www.bootleggers.us/agreement.php">Terms of Service</a>


</center>
</body>
</html>Some of the markup for these documents is truly atrocious, by the way.

Now will you let this sodding thread die!

Mike

Yesideez
04-30-2005, 11:38 PM
lol Sorry Mike - I can't do that! When I right-click in IE I get nothing on that game.

Okies... I'm shutting up now :)

Cosmic_Rhapsody
02-08-2006, 07:41 AM
Mwinter says
No. It is impossible. Anything that is publically accessible can be saved and viewed at the user's leisure, and there is nothing you can do about that.

In any case, nobody's mark-up is so special that it needs hiding or protecting.

I am assuming Mwinter means html code when he/she says Mark-up.

You say that nobody's mark-up is you special that it need hiding or protecting, what utter garbage, I am sure that there are thousands of innocent internet novices who have had bank accouts robbed simply because they followed a link in an email they received from their bank asking them to update information, and before you go into a barage about bank warnings I am aware that you do not login to your bank account from a link within an email but the simple reality is many people do either through ignorance or stupidity. I received an email this week from "my bank" 2nd hint the e-mail was bogus, was I dont have any accounts with the bank in question, I clicked on the link at the bottom of the e-mail after reading what the actual address was, the page that came up was identical to the actual banks page, as was the popup login page, I then did a view source on both pages, then went to the actual bank and did the same, apart from coding change so the bogus site had the required images loading, and to re direct login information the code was identical, any guesses as to where the code for the bogus page came from??

The sad reality is there is a very definate need to be able to hide source code in some instances. Why make it any easier for a thief to steal peoples money by making your source code available therefore making a bogus page look more genuine?

Twey
02-08-2006, 04:06 PM
I received an email this week from "my bank" 2nd hint the e-mail was bogus, was I dont have any accounts with the bank in question, I clicked on the link at the bottom of the e-mail after reading what the actual address was, the page that came up was identical to the actual banks page, as was the popup login page, I then did a view source on both pages, then went to the actual bank and did the same, apart from coding change so the bogus site had the required images loading, and to re direct login information the code was identical, any guesses as to where the code for the bogus page came from??Agreed, but the problem is that of the user, not the system. Both the browser and email client make it very clear where the user is being sent; if the user doesn't check, it's not a problem with the way HTML and HTTP work. If you forgot to lock your door and got burgled, would you blame the creators of your lock? Of course not. Education and vigilance is what's needed, not security through obscurity.

P.S. I tend to enjoy feeding such pages a few hundred email addresses from spampoison.com (http://www.spampoison.com/), with random passwords.

Krenath
03-03-2006, 04:17 PM
I find it fascinating how many people want to insist that protecting one's HTML source is possible despite so much proof to the contrary.

Simple fact: No matter what you do, no matter how much effort you put into it, you cannot hide your HTML from me. You cannot prevent me from copying your graphics.

Why is this? Well, the simplest explanation is this: In order to render your page in the browser, the browser itself has to understand it. At some point in the process of displaying your page, the HTML has to come to my computer, has to be interpreted by the browser. It is at this point that I can interrupt the process and view whatever I want.

If you use javascript to protect your page, I'll just disable javascript temporarily and view it anyway. I can always view the images and page source in my browser's cache file. I can always view the page source in a proxy program if I really want.

If you use Javascript to obscure your webpage such that javascript is required in order to display it, then I'll just grab the sourcecode that is sent to me and edit the javascript it sent until it performs its decoding and shows me the resulting HTML page. I don't have to hand that directly to the browser; I can just view that in a text editor and make sure it doesn't contain anything else that I don't want getting in my way.

If you use HTML, I can see it.
If you use Javascript, I can edit it before my browser sees it and disable or cripple it.
If you disable my context menu, I can re-enable it.

But there's *one* thing you can do to avoid having me attempt any of this: Don't bother trying to disable parts of my browser. Generally speaking, I don't care about your HTML. It's not that innovative and I normally don't care one bit how clever you think you are. Leave my browser alone and I'll leave your source and images alone.

Oh, Cosmic_Rhapsody, here's a little wakeup call for you. If you put your username and passwords in your webpages, attempting to hide the source is like hiding your head in the sand. It will not protect you, it'll just fool you into thinking you're protected. The thieves won't be slowed down at all.

Twey
03-03-2006, 05:03 PM
Bluntly put... but accurate.

kitten2781
04-03-2007, 05:27 PM
I'm probably adding salt to the wound, but I've come across a security issue with viewing source. It's quite simple to fix: I just leave the confidential code off the page, but I just don't want to. Is there a way that when a user "views" the source code, it displays different code? Or a message in the text file?

Twey
04-03-2007, 05:33 PM
To repeat what everyone else here has been saying, no.

What you have to understand is that the source isn't some magical accessory to the page, it is the page. If you alter the source, you alter the page, and if the user can't access the source, the user can't access the page.

djr33
04-06-2007, 04:05 PM
For the bank thing, that's like making copy-proof business cards, so no one can claim to be a bank agent :p

hall_n_a
12-22-2007, 09:28 PM
Sorry Mike...seeing this thread resurected prolly made your skin crawl :)
However, if I'm wrong please let me know. "Impossible" is a strong word with me too, so I had to jump in on this.

Anyway, there is a method (although un-pretty) to make your highly valuable page that must be protected...well, protected. And I know most of you just overlooked it as it's not practical for a complete site.

You simply make the page(s) in Acrobat Professional, then set your permissions like I did in the attached screenshot. It's pretty dang safe since Acrobat won't even allow OCR or paper printing with these security settings.

Twey
12-22-2007, 09:30 PM
That's a) pretty easily breakable and b) not a website :)

hall_n_a
12-22-2007, 09:32 PM
Okay. Can you share how its easily breakable? I use a 30+ char passphrase, and since most pass crackers can't handle anything over 24 char, I'm interested?

I already said it was impractical...however it would work fine for a single page that needs protected.

djr33
12-22-2007, 09:44 PM
It's breakable.

Copying for accessibility is allowed, so just code a plugin that reads the source code to a blind person.

Do a screen capture, then print (not that this shows the source).

It's not html, as twey says.

And in any html format, you'd have the password as part of the source anyway.

Plus, what would you hope to gain? Protect the source code of something that is just, in essence, an image?

You can't get the source code for an image. Just post that on your site.

But that doesn't mean it's possible to stop someone from saving that image, nor from saving the (yes, limited) source code.

hall_n_a
12-22-2007, 10:00 PM
Yes, it's true you could get the text from a screen reader for the impaired, but not many folks have one. And, like you said, you just get text if you do have one.

This approach comes in handy though when building affiliate sales pages that are easily copied, affiliate id's replaced, and uploaded to a new name space without ANY work at all. They can't do that if you're using a .pdf landing page without great effort. It then (usually) becomes much easier to steal from someone else, while remaining equally effective as a 1 page sales pitch, complete with unchangeable aff links...

...but I get your HTML point.

I simply thought I would share this method in case someone else came accross this thread as I did, and was left thinking they had no options at all.

H

Twey
12-22-2007, 10:00 PM
Okay. Can you share how its easily breakable? I use a 30+ char passphrase, and since most pass crackers can't handle anything over 24 char, I'm interested?If it's readable, then it's already been broken. All that's necessary is to pipe the decrypted data to some other device, e.g. a printer or a file, rather than the screen. Most PDF readers other than Adobe's one simply ignore Adobe's permissions system.

hall_n_a
12-22-2007, 10:21 PM
If it's readable, then it's already been broken.

Again, that statement is misleading. The security of the file is not compromised just because you can read the text inside it.

Printing that text on to a piece of paper from your printer is going to make the whole FTP thing to the thiefs server a real pain too. These guys are lazy and looking for a copy/paste solution about 99% of the time

What is your definition of a secure web page Twey?

Mine is "a page that the source code (not textual content) cannot be easily altered", as in my above example of an affiliate sales page.

Just because you can look at the inside of a vault full of cash through a thick glass window, doesn't mean you can get to the money.

I'm done now :)
Peace!

Twey
12-22-2007, 10:58 PM
Again, that statement is misleading. The security of the file is not compromised just because you can read the text inside it.Of course it is. This thread is talking about giving the user a page but not letting them see the source (believing that this will prevent them printing, saving, &c. the page). The posters here do not seem to realise that this is an inherently futile goal because the page is the source: it is impossible to give the user one without the other. PDF is no exception. You can encrypt it with a passphrase, but in order to view the content, the user must have access to the decrypted file, with which they can also do anything else that takes their fancy -- save, print, &c.
Printing that text on to a piece of paper from your printer is going to make the whole FTP thing to the thiefs server a real pain too. These guys are lazy and looking for a copy/paste solution about 99% of the timeHuh? Who said anything about uploading it to another server?
Mine is "a page that the source code (not textual content) cannot be easily altered", as in my above example of an affiliate sales page.It can't anyway. The page is on your server; the only way that somebody can alter it is by breaking into your server.
Just because you can look at the inside of a vault full of cash through a thick glass window, doesn't mean you can get to the money.No; however, if you give the money out to people you can't technologically stop them from showing it to other people. Physical analogies are inaccurate here, though, since we're talking about information. To construct a more accurate analogy, we'd have to say that it's impossible to show someone the money and then prevent them from drawing pictures of it, or something else involving the information about what that money looked like. This is obviously a very awkward metaphor.

hall_n_a
12-22-2007, 11:37 PM
Huh? Who said anything about uploading it to another server?
How else would stealing source code be of any benefit? Hey, I'll take a hit of that shitt too!

Sure, anyone can copy my .pdf to their computer, but they can't upload it to their own server and use my work without changing the links first (aka - source code), unless they just want to generate free traffic/sales for me...GREAT!


It can't anyway. The page is on your server; the only way that somebody can alter it is by breaking into your server.
BS. They don't need to break in to my server Twey...this is about stealing source code...c'mon man

djr33
12-23-2007, 12:06 AM
You brought up altering the page, not copying it. Twey's response is accurate.

Twey
12-23-2007, 12:25 AM
How else would stealing source code be of any benefit?I was merely puzzled as to why you brought this up. It would be just as easy as saving to a local file.
Sure, anyone can copy my .pdf to their computer, but they can't upload it to their own server and use my work without changing the links firstRight... and? They can still change the links.

hall_n_a
12-23-2007, 12:48 AM
Okay Twey. I propose a challenge then.

I'll create an encrypted .pdf with an administrative comment note to you included in the file. You can prove me wrong by quoting the private comment to you (it will be in the source code) that is "easily defeated" correct?

Well, it will be the same level of difficulty as changing one of my links. Both are just in the source code of the file, right?

Let me know, and I'll upload the encrypted file here for you to demonstrate these simple skillz if you accept the challenge.

To ensure I'm being honest, I'll post the answer (my comment to you) in a post on an undisclosed forum pending surrender, then we can use the time stamp to prove it was posted within 30 minutes of uploading this .pdf file.

djr33
12-23-2007, 01:04 AM
I'll create an encrypted .pdf with an administrative comment note to you included in the file. You can prove me wrong by quoting the private comment to you (it will be in the source code) that is "easily defeated" correct?
What does this have to do with a webpage? PDFs are not html.

On the other hand, I'd like to see such a challenge.

However, I think you should add some information as to what he should look for, such as "a name of an undersea creature", etc.

Twey
12-23-2007, 01:22 AM
I'll create an encrypted .pdf with an administrative comment note to you included in the file. You can prove me wrong by quoting the private comment to you (it will be in the source code) that is "easily defeated" correct?I'm not entirely sure if I have anything that can read "administrative comments" (I don't work with PDF all that much, and I wasn't certain that it even had a source code: isn't it a binary format?). I can upload the decrypted version if you like, though. It's quite late right now, though, so I'd prefer if you uploaded it tomorrow.

hall_n_a
12-23-2007, 01:22 AM
Hmm...good point. I can do that if he accepts.

It doesn't have a darn thing to do with html, but it could and has served as a solution to protect a single page, or maybe at most, a few pages where you don't want people to download and change your words (like in a legal document) or your business information (like in an affiliate's site) for a certain portion of your web property.

I only went to this extreme because of the refusal to even consider the validity of this solution for some peoples situation or particular need.

I don't like to be dismissed when I know I'm right...that's all.

djr33
12-23-2007, 01:34 AM
But the discussion is about disabling source code OF WEBPAGES.

You can obviously create the "source code" for a car, construct that car, and no one will be able to figure out what the "code" (instructions) were to create the car (perhaps, through reverse engineering, even), but that has nothing to do with HTML.

This doesn't apply on a webpage.

And, if you do want to fully protect the "text" so people can't steal it, just save as an image and embed on your page... which is silly.

There are two reasons people want to steal/protect source code:
1. "Special" source code is present, and it is protected because it is desired.
2. It is an attempt to hide how some content is added, so people cannot steal this content.

The second reason is impossible, as you can always determine where content is coming from, and then find a way to save it.

The first is also not fixed with your solution, as that is simply creating the content another way. You are making it with a PDF, or as I said an image, so it's not like you're using HTML anyway. You didn't protect your html source-- you did the other way of not letting your visitor view it-- you didn't upload html. Instead, you used PDFs.

Certainly there are some secure formats. But I don't see an advantage in using a non-html secure format, and it does NOT answer the question or prove any assertion wrong that it is impossible hide source code [of html].

A pdf is not a webpage. So, however complex/secure it may be, that doesn't mean it's solving the original question/"problem".

BLiZZaRD
12-23-2007, 02:57 PM
a few pages where you don't want people to download and change your words


Again, this isn't about that, it's about opening your web browser, going to a page and viewing the source code.

Which you can do with a PDF as well ;)

And I could tae your PDF from your server, copy it verbatim and change the links and put it on my server in about 10 minutes, if I had the need.

Which is what Twey's point was (one of his points). If you put it on line and I can see it, I can take it. I can change it I can make it my own.

The difficulty level can be raised to discourage me, but it can't stop me.

cherylEZ
02-04-2009, 10:42 PM
I found a site where you cannot view source...and it's a well known site:

http://getresponse.com

So how are they disabling the browser from viewing source?

I also found a program called Guardian which is free for personal use...anyone ever used that? They actually encrypt the pages for you...images and all.

Nile
02-04-2009, 10:47 PM
Looks like the source to me... (http://localhostr.com/files/0b778c/capture.png)

djr33
02-04-2009, 10:48 PM
I just looked at the source for the page in your link. It worked fine. It is not hidden.

cherylEZ
02-04-2009, 11:20 PM
Maybe I should have said I am using IE7...what did you use to view it...I don't get the usual notepad to come up?

Nile
02-05-2009, 12:25 AM
Weird. I'm using Google Chrom (http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha)e.

robin9000
02-05-2009, 05:15 PM
I would have to agree that you can't hide data from someone, if they want to get it, they will find a way to get it. It's as simple as that.

JVposter
02-20-2009, 02:24 PM
is there a script that will disable view source altogether?

the script exists but works only in IE in firefox and other browsers is useless.

You can to make your site viewable in IE only but it is not a good ideea... you will lose to much visitors

regards,

Omnilord
08-17-2010, 05:56 PM
Ultimately, if you are working with a public web page, you will never be able to hide the source code because the data has to be sent to the browser, and the browser could very well be a custom build designed to dissect web pages.

The only way to secure your source code is to not send it at all. This would involve a custom browser (or an authentication plug-in to existing browsers) that performs some sort of handshake with the server before the server will send data across. But this all requires pre-determined functionality, custom builds, and is certainly not publicly accessible.

djr33
08-17-2010, 06:23 PM
But even with that, approved users would still be able to save the source code: again, if you can view it, you can save it.

Obviously a login system could perform the same function: only approved users can access the pages. But then they can save the code, also...

traq
08-17-2010, 08:31 PM
you could start a service where people publish their sites on a secure server, not connected to the internet, and then you take a video of the website and post it to a live, streaming video feed. Users could log in and pay a fee to ask you to click on things for them.

Beverleyh
08-17-2010, 11:14 PM
*ROTLF*
I don't know whether to laugh or cry - maybe i'll do both - the video idea is just too funny to NOT have that effect. (no offence intended)

Beverleyh
08-17-2010, 11:18 PM
Sorry, I hadn't composed myself properly. I mean " *ROTFL* "
(also a 2nd sorry for not being able to edit my previous post - limited usability on my phone)

jscheuer1
08-18-2010, 12:13 AM
It is pretty funny. But isn't that what they said about Google, Twitter, and Facebook?

traq - When they make the movie of your life story, who do you want them to have play you?

traq
08-18-2010, 02:25 AM
*ROTLF*
I don't know whether to laugh or cry - maybe i'll do both - the video idea is just too funny to NOT have that effect. (no offence intended)
and what makes you think it was a joke?!??. :p

It is pretty funny. But isn't that what they said about Google, Twitter, and Facebook?

traq - When they make the movie of your life story, who do you want them to have play you?
oh, I dunno, whoever will give me their royalties. my wife says I look like Keanu Reeves

djr33
08-18-2010, 05:32 AM
It could be simpler than that. It could be a service called "hide-my-source" that takes code, generates a screen capture from a popular browser, then posts it to the site.
Of course that wouldn't do much for stopping people from saving images if that's part of the issue.
Nor would it allow active Javascript on the page.

Perhaps this is where flash needs to enter: someone can create a flash "browser" that can load html pages and display them while not releasing the source code. Of course the code would have to sit somewhere, but it could be done serverside and a swf could be generated.


But at this point, I must ask.... why?