PDA

View Full Version : how to disable view source



punisher8214
04-05-2005, 01:20 AM
hi!!! can you help me plsssss... i just wanna know how to disabble the source code i mean not just when you right click the mouse. i have a code that well disabble when you right click your mouse, and i want the whole source code will disabble so that all my visitors cant view my source code.. anyone plsssssss i rely need your help...thanx

jscheuer1
04-05-2005, 06:33 AM
Skinny on this is, don't bother. Honest folks won't steal it and those that are bent on acquiring it can, no matter what you do.

cr3ative
04-05-2005, 07:26 AM
i have a code that well disabble when you right click your mouse

And I have Firefox. Therefore, I can right-click.

Anyway, the end of the story is:
Anything you put online is subject to being stolen, disassembled and analyzed.

If your HTML is so special you feel the need to protect it, don't put it online :)

cr3ative

mattZ
04-05-2005, 09:46 PM
The source code compiler may be of use to you. You can find it at http://www.dynamicdrive.com/dynamicindex9/encrypter.htm. It is still possible to unscramble the scource code (and actually very easy if you know what you're doing,) but it is about as much as you can do.

mwinter
04-06-2005, 11:56 AM
The source code compiler may be of use to you.Please don't mention junk like that. It doesn't work and just makes a document reliant on scripting for no actual gain.

Mike

taylorphoto
11-29-2005, 03:28 PM
WOW! ALL those responses and not ONE that told how to do what the person wanted. AMAZING!

(yes i know my response doesn't either. i was searching for the same thing he was and thought the "brilliant" (used VERY loosely) minds would have the answer. I WAS WRONG!)

mwinter
11-29-2005, 05:51 PM
WOW! ALL those responses and not ONE that told how to do what the person wanted. AMAZING!Did you consider that it's not possible to do what the person wanted? Evidentially not.

With the exception of the post from mattZ, the OP was given honest and accurate advice.


[I] thought the "brilliant" (used VERY loosely) minds would have the answer.Insulting regular posters to this forum wouldn't seem a very intelligent thing to do. Especially if you want help from any of them now, or in the future.


I WAS WRONG!No, you just don't recognise an answer when you read it.

Mike

Twey
11-29-2005, 06:29 PM
1) You don't need to.
2) You can't.
3) Any attempts at doing so will more likely mess up your page than do any good.
4) This is what copyright is for. (OK, that's a bit of an extension to 1), but I felt it needed its own point.)

execute
12-03-2005, 02:41 AM
For fun, although it isn't a good thing to actually hide javascript, i have -for fun- attempted to disable all access.
Heres what i did:
- made js files be parsed by PHP
- used MOD-Rewrite in htaccess to disable outside sources from connecting to my JS
- and obviously linked to an external JS rather than writing it in the html source.
- I also set headers to not cache the JS file

The following steps made it 99% impossible to steal a JS file, however, all a person had to do was go to the JS file, although since its parsed you see a blank page and you cant download it, you can view source it and see the code again (so it didn't technically work, but it would block out 90% of idiots who try to steal it).

Not only that, but when you have PHP engine parsing your JS file, you cause errors in your JS even when you set headers to disguise it, JS files seemed to break (so it didnt work good).

The only true way to disguise a JS file is to encrypt it using an encryption program. (it also saves space and compresses your JS files). So then only someone who has the decrypter can decrypt it.

BasicaLLY: If you put it online, there will be someone who can steal it ALWAYS, its impossible to hide anything, and in the WEB there is always a way to break/decode/hack anything, just depends on who bothers trying.

Twey
12-03-2005, 07:04 AM
The problem with your JS file is probably that the Content-Type header was being sent as "text/html" rather than "text/javascript." A simple
<?php header("Content-Type: text/javascript"); ?> at the top of your file should fix that.
- used MOD-Rewrite in htaccess to disable outside sources from connecting to my JSHow? The only way I know of to do this is using the Referer: header, which I certainly hope you wouldn't do as it would break your page for anyone behind a proxy or firewall that strips this header (and many do).

execute
12-05-2005, 11:03 PM
The problem with your JS file is probably that the Content-Type header was being sent as "text/html" rather than "text/javascript." A simple
<?php header("Content-Type: text/javascript"); ?> at the top of your file should fix that.How? The only way I know of to do this is using the Referer: header, which I certainly hope you wouldn't do as it would break your page for anyone behind a proxy or firewall that strips this header (and many do).

I did that already, i told you i disguised the Javascript with headers, problem is the javascript breaks on certain large JS scripts, (its really wierd, only happens on some scripts).

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.biz/.*$ [NC]
RewriteRule \.(js|gif|jpg)$ - [F]

I dont know too much about Rewrite URL. (im wondering if there is a way to strip Trans session IDs (Session IDs in every page because of stupid host) with URL rewrite tho).

Just a rewrite thing to disable people from direct linking to your script with "src". But obviously not efficient or good.

Twey
12-06-2005, 06:05 PM
I did that already, i told you i disguised the Javascript with headersI doubt if you did what I suggested, as setting the Content-Type header properly would certainly not "disguise" anything. Would you like to link, so I can have a look?

execute
12-06-2005, 09:58 PM
hmmm... what are you talking about?

I had done this disguising a long time ago so i dont have a link to it, because its a crappy way of doing things, and causes errors, thus i have deleted it.

<?php
header("content-type: text/javascript");
// some php code
echo '<script>//JS</script>';
?>

You're saying this is not disguising? You're using headers to disguise php code and embed javascript.... I call it disguising.

mwinter
12-06-2005, 11:43 PM
echo '<script>//JS</script>';I hope you aren't implying that the start and end tags of a script element should be included in a script file.


You're saying this is not disguising?Absolutely.


You're using headers to disguise php code and embed javascriptNo, you're using PHP to output script code, setting headers to reflect that fact. How does:



<script type="text/javascript" src="/path/to/script.php"></script>
possibly disguise that script.php generates a script?

As for an earlier remark:


The only true way to disguise a JS file is to encrypt it using an encryption program.I assume you're referring to an obfuscator. That isn't security: it can still be reverse engineered. That said, knowing the quality of many scripts on the Web, it isn't worth trying. ;)

Mike

execute
12-07-2005, 09:35 PM
1. I was typing fast and didn't feel like typing javascript code.
2. Wrong
3. No, using headers, to show that this is javascript, is pretty much disguising. I'm sorry i used that word, and sorry you don't understand. But what you are saying is wrong: I'm not using PHP to output the source code. That wouldn't make the source code work. I'm outputting code disguising it as javascript so that it works that way. So pretty much if i say header("content-type: text/javascript"); That means im disguising something as javascript. Because it is a header. I'm sorry if you never used headers before, but changing the content-type of a file, is pretty much disguising it as something its not.

No, im referring to an encrypter, obfuscator renames variables and makes it very hard to read. Compressing it-obfuscating-and crunching the white space, is the type of encryption im talking about. Yes it is pretty good security, as not many people will try to find a way to decrypt it. Yeah, how many people can reverse engineer an encrypted code from scratch. It isn't worth trying, thats why i said its a good security, but if you read my post clearly, you would know i told you its not 100% safe, as it can be decrypted.

Bottom line: Don't try to hide your JS, it is not really worth it.

WideNationFA
12-08-2005, 03:19 PM
Well..lets see....
AS for the previous link on encrypting.. Everyone's right, it won't work but it is the best you can do. People can probably steal the encryption.
In general, there is nothing you can do to diable the viewing of the sourcenessnessness. I'm still curious and am wondering why you must disable the source?
If you want, there is a script out there that when the source is copied to another page, all it says is "I STEAL BANDWIDTH!" or something of that type.

As for everyone else, why all the arguing? The fact is, the link is deleted. There is no page with all the JS disguised in his headers! Not anymore. Unless he has another page to show us all...

Twey
12-08-2005, 04:49 PM
(sigh)
1) So just the "// JS" would have been fine :)
2) Not wrong. Unless you would count "disguising" Javascript as Javascript. I wouldn't.
3) I quote: "to show that this is Javascript." If it weren't Javascript, then I could understand (loosely) why you'd call it "disguising." However, showing something to be what it is is most certainly not "disguising."
changing the content-type of a file, is pretty much disguising it as something its not.Not when the Content-Type you're sending does, in fact, match the content.
No, im referring to an encrypter, obfuscator renames variables and makes it very hard to read. Compressing it-obfuscating-and crunching the white space, is the type of encryption im talking about. Yes it is pretty good security, as not many people will try to find a way to decrypt it. Yeah, how many people can reverse engineer an encrypted code from scratch. It isn't worth trying, thats why i said its a good security, but if you read my post clearly, you would know i told you its not 100% safe, as it can be decrypted.I suppose that substituting ASCII values for characters could be called encryption, but any cryptographers reading this would have a fit at the suggestion :p It is to "true" encryption what looking at the pictures is to reading a book.
I'm not using PHP to output the source code.If it's in a .php file, it's being parsed by a PHP engine, and PHP is being used to output the code. It doesn't matter if this code was originally generated by PHP or not.
it won't work but it is the best you can do.No, the best you can do is to leave your code as it is. Using Javascript to obfuscate your code (a word, by the way, execute, which merely means "to make difficult to read," which is all reversible no-key encryption does) will leave you worse off that you were before, as all sorts of problems will arise, not least the fact that non-JS browsers won't be able to see any of your page.
In general, there is nothing you can do to diable the viewing of the sourcenessnessness. I'm still curious and am wondering why you must disable the source?Sourcenessnessness? :) However, both points are correct.

weejy
01-15-2007, 11:46 PM
Let's re-phrase the original question ;)

I've come across sites where the "view source" from the dropdown of IE is greyed-out. How do I they do that?:eek:

djr33
01-15-2007, 11:55 PM
I don't know... perhaps someone will.
But why?
It's still very possible to get around, and anyone who wants to do so will. Anyone who would otherwise be stopped won't be a threat to your site because they aren't very good at hacking, so likely aren't doing anything harmful. The only thing they'd do is maybe look at your source to see what you did to code something, etc. Nothing harmful.

Twey
01-16-2007, 12:10 AM
This certainly shouldn't be possible. If you have seen such a thing, I would presume that the whole site was one big image or something along those lines.

djr33
01-16-2007, 12:12 AM
Hmmm... or maybe it was screwing with IE. Firefox almost always allows view source, no matter what type of file (I think... from what I've seen). Using some weird header or something might have made IE think it was an image, for example, and then had it not allow that. Interesting, but not a good idea... more harm than help.... and, remember, no help.

BLiZZaRD
01-16-2007, 05:56 AM
I don't know if it was coding or just a mistake or what, but I have seen this before as well. It was done when there were multiple Frames on the page. The view source option was grayed out/not selectable. Of course you could right-click on any frame and choose view frame source.

md123
01-29-2007, 11:25 AM
I don't know if it was coding or just a mistake or what, but I have seen this before as well. It was done when there were multiple Frames on the page. The view source option was grayed out/not selectable. Of course you could right-click on any frame and choose view frame source.


I know this is possible in windows/internet explorer by tweaking the registry settings in windows. This could make sense in an office/intranet situation (why I wouldnt know), but obviously not something that would be possible to accomplish with a script on your webpage, well . . . short of having the user download a script which alters their registry settings, but that's just plum crazy. There may be ways to do it 'on the fly' but I don't know how.

mburt
01-29-2007, 11:33 AM
In my opinion, hiding your html content (if you can) is only annoying to the user. If he/she wants to view the code, he/she should be allowed to. As cr3ative said anything on the net is subject to being stolen/aquired/etc.
This obviously isn't an option in todays' internet browsers. It might be fine for Internet Explorer, but it could really mess up your content.

ches
01-30-2007, 11:20 AM
It is impossible to hide html/javascript source code
--end of argument--

If you want the source to be used, it must be there.
your html will not show unless it is there
your javascript will not load unless if it is there

Even if you do find a way of preventing people from pressing the viewsource button on IE or any other browser because of a bug or the way the browser acts...or whatever, it doesn't mean that the source is "hidden".

djr33
01-31-2007, 01:46 AM
Blizzard, I'm guessing that the most probable reason, then, is that IE (unlike FF) disables view source for images and other files that don't have viewable source code. Likely, it was a frameset page and there WASN'T any data to view as source, except the frameset, which IE might not think is worth showing. But, then again, I don't know if this is the case.

Still, it's quite possible in that situation to find the source. Easy answer there... use FF.

joeygurl
05-01-2007, 07:29 PM
The view source from both dropdown & context menu is automatically grayed-out if you run your page using ssl (https). So far, I haven't heard of any codes to do this.

djr33
05-01-2007, 08:10 PM
Still quite easy to get around, I'm sure.

Twey
05-01-2007, 08:12 PM
Not on any browser I've tried, it hasn't been...

djr33
05-01-2007, 08:13 PM
I agree, but whatever. Even if it was, it would still be quite possible to get around.

Link us, if you'd like us to show you.

prabackar
10-11-2007, 03:55 PM
http://www.istockphoto.com

so it is possbile....:D

Twey
10-11-2007, 04:39 PM
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" content="Search our royalty free stock images and photos or browse a giant selection of stock photography. Purchase royalty free stock photos at iStockphoto.com.">
<meta name="keywords" content="stock photography, photo search, digital stock photography, stock photos, stock image, photos, stock pictures, photos, photo search, digital stock, royalty free, royaltyfree, online photos, photography, istockphoto, high resolution, stock photo">

<link type="text/css" href="css/passthru/1191536230/frontpage.css" rel="stylesheet" />

<!-- www.istockphoto.com was pleased to serve you today -->

<script language="javascript" src="/cacheserial/1191536231/js/scriptaculous/lib/prototype.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/utility.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/search.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/styleswitcher.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/dom.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/ajax_util.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/scriptaculous/src/scriptaculous.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/ajax_frontpagesearchfilters.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/sifr.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/marquee.js" type="text/javascript"></script>
<script language="javascript" src="/cacheserial/1191536231/js/frontpage_xml.js" type="text/javascript"></script>


<script type="text/javascript"><!--



function sethoveron(){
hover = 1;
//alert('on');
}

function sethoveroff(){
hover = 0;
//alert('off');
}



//--></script>
<!-- ... snip ... -->no....:D

djr33
10-11-2007, 06:20 PM
istockphoto has watermarks. Why? SO PEOPLE DON'T STEAL THEM.
It also is a very low resolution image. Why? So people don't steal them.

It requires a purchase to access the full quality image for download. HOWEVER, this does NOT secure the file in that, once accessed by a paying customer, that customer could take the image (as with anything seen on a webpage) and redistribute it, save it, copy it, etc. (Not legal, but quite possible to do, technically.)

The only security is the limited access downloads, based on paying, and hoping that no one who does purchase it will redistribute it or that they can take legal action against such parties.

Twey
10-11-2007, 07:34 PM
The best defence against content 'thieves' is a good lawyer. Technologies like watermarks can help somewhat in his work, though.

djr33
10-11-2007, 07:53 PM
I wouldn't consider a watermark a technology-- more just common sense. Small resolution and damaged images aren't worth much. Makes sense, if you're worried about people stealing it.

Twey
10-11-2007, 08:08 PM
There are some very mathematical methods of applying watermarks.

djr33
10-11-2007, 09:16 PM
And there are some very mathematical ways of applying grammar. But that's not a technology.
Sure, there are some technological solutions that help apply watermarks well, but all you need for the effect is the paint brush tool and about 4 seconds to scribble. There are better ways to do this so the product looks better in the end, but the result is the same-- an unusable image.

Twey
10-11-2007, 10:43 PM
And there are some very mathematical ways of applying grammar. But that's not a technology.Of course it is. It's a very complex invention. Your definition of 'technology' is necessary, perhaps.

djr33
10-12-2007, 03:59 AM
Hmm... a technical method for doing something? Alright //shrug :p

jscheuer1
10-12-2007, 06:48 AM
Fagetaboutit.

revtom
11-25-2007, 03:31 PM
Hi

Think Ive got the only solution and if you can use DHTML or HMTL then there shouldnt be a problem.

To prevent people ripping youre source off then you may have to use PHP.

Ive developed this site http://www.revellin.com and if you have a look you can see what I mean.

Most of the source is visible in the view source section BUT not the elements which are not already visible, meaning not the tables and images and of course met tags for searches.

BUT the database location file is hidden! --- also some other files.
They are included in the body document by using the php include command

php?>
include ("filename.ext");
<?

You can inbed this is html. ALSO the file should be vicible by locating there url eg
http://www.revellin.com/includes/top.php

This will show a page up but it will be blank and nothing will be viewable in the source!!!!!!!!!!!

So basically use PHP as long as the contents is SCRIPTED in PHP and not visible in the browser window normally then you can hide it.

Hope that goes some way to solving the problem.:)

BLiZZaRD
11-25-2007, 04:17 PM
But it doesn't. If you want something viewable on the page, it is in the source code. Sure not your script, if written in any server side language, but the output of said script is there.

You can't see top.php because there is no output. Fat lot of good it would do to have a website with no page output. Yay, let's go look at blank pages! ;)

The fact remains you can't hide the source code. If you see something on the page you want, it is in the source code.



BUT not the elements which are not already visible, meaning not the tables and images and of course met tags for searches


Nope they are all there, I can pull up individual pictures from that page, just by looking at your source code.

djr33
11-25-2007, 09:25 PM
<td valign="top">
<iframe src="http://context5.kanoodle.com/cgi-bin/ctpub_adserv.cgi?id=86676156&amp;site_id=86676157&amp;format=conly&amp;bgcl=ffffff&amp;bdcl=000000&amp;tlcl=0026ff&amp;ttcl=000000&amp;ulcl=1d9100&amp;render=1&amp;ts=1196025728&amp;th=3f1ee2a6f6e6fea 5fd3c055f03e8a9c7&amp;msns=&amp;kcount=1&amp;ref=http%3A//www.revellin.com/" marginheight="0" marginwidth="0" leftmargin="0" topmargin="0" style="display: none;" frameborder="0" height="0" scrolling="no" width="0"></iframe>






<table width="100%"><!-- #BeginEditable "CODE" -->
<tbody>
<tr>
<td width="100%">

<table align="center" border="0" cellpadding="0" cellspacing="0" width="780">
<tbody>
<tr></tr>

</tbody></table><table align="center" border="0" width="100%">
<tbody><tr>
<th colspan="2" scope="col" bgcolor="#666666"><div align="left"><a href="http://www.revellin.com" class="style1 style6">revellin.com</a></div></th>
</tr>
<tr>
<th scope="col" align="left" height="141" width="33%">

<div align="left">
<!-- START CODE -->
<div id="ysrchForm" style="border: 1px solid rgb(126, 157, 185); margin: 0pt auto; padding: 20px; background: rgb(255, 255, 255) none repeat scroll 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; width: 300px; position: relative;">

<form id="searchBoxForm_U0c208bfb8affb15908f1" action="http://builder.search.yahoo.com/a/bouncer" style="padding: 0pt;">
<input name="mobid" value="U0c208bfb8affb15908f1" type="hidden">
<input name="ei" value="UTF-8" type="hidden"><input name="fr" value="ystg-c" type="hidden"><div style="padding: 0pt 80px 0pt 0pt;">
<input id="searchTerm" onfocus="this.style.background='#fff';" onblur="if(this.value=='')this.style.background='#fff url(http://us.i1.yimg.com/us.yimg.com/i/us/sch/gr/horiz_pwrlogo_red2.gif) 3px center no-repeat'" name="p" style="border: 1px solid rgb(126, 157, 185); margin: 1px 0pt; padding: 0px 3px; background: rgb(255, 255, 255) url(http://us.i1.yimg.com/us.yimg.com/i/us/sch/gr/horiz_pwrlogo_red2.gif) no-repeat scroll 3px center; width: 100%; color: rgb(102, 102, 102); height: 18px; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; position: relative;" type="text">
<input id="btn_U0c208bfb8affb15908f1" value="Search" style="margin: 0px; padding-bottom: 2px; position: absolute; right: 20px; top: 20px; height: 22px; width: 65px;" type="submit">
</div><ul style="margin: 0pt; padding: 0pt; color: rgb(102, 102, 102); font-family: normal Arial,Helvetica,sans-serif; font-style: normal; font-variant: normal; font-weight: normal; font-size: 11px; line-height: 11px; font-size-adjust: none; font-stretch: normal; text-align: left; list-style-type: none;"><li style="display: inline; padding-right: 10px;">
<input name="mobvs" id="site_U0c208bfb8affb15908f1" value="1" onclick='displayPopSearch("site","U0c208bfb8affb15908f1");' checked="checked" style="vertical-align: middle; margin-right: 5px;" type="radio">
<label for="site_U0c208bfb8affb15908f1" style="display: inline; vertical-align: middle; padding-top: 2px;">this Site</label>
</li><li style="display: inline; padding-right: 10px;">
<input name="mobvs" id="news_U0c208bfb8affb15908f1" value="news" onclick='displayPopSearch("news","U0c208bfb8affb15908f1");' style="vertical-align: middle; margin-right: 5px;" type="radio">

<label for="news_U0c208bfb8affb15908f1" style="display: inline; vertical-align: middle; padding-top: 2px;">News</label>
</li></ul></form></div>
</div>
</th>
<th scope="col" align="center" valign="middle"><div align="center">
<script type="text/javascript">
var uri = 'http://imp.tradedoubler.com/imp?type(js)pool(232442)a(1446508)' + new String (Math.random()).substring (2, 11);
document.write('<sc'+'ript type="text/javascript" src="'+uri+'" charset="ISO-8859-1"></sc'+'ript>');
</script><script type="text/javascript" src="http://imp.tradedoubler.com/imp?type%28js%29pool%28232442%29a%281446508%29555781900" charset="ISO-8859-1"></script><a href="http://clk.tradedoubler.com/click?p=48122&amp;a=1446508&amp;g=16417972&amp;pools=232442" target="_blank"><img src="http://uk2.net/creative/banners/may07/free_setup/domain_names/468x60.gif" title="UK2.net" border="0"></a> </div></th>
</tr>
</tbody></table>
</td></tr></tbody><tbody>

<tr>
<td><table class="white" align="center" border="0" width="100%">
<tbody>
<tr>
<td class="nav" align="center" bgcolor="#666666" valign="center">

<div align="center">
<span class="style2"><a href="index.php" class="style6">Home</a>&nbsp;</span>|
<span class="style6"><a href="browse.php" class="style6">Browse</a>&nbsp;| <a href="rate_photos.php" class="style6">Rate Photos</a> | <a class="style6" href="polls.php">Polls - New</a>&nbsp;|</span> <span class="style6"><a href="most_popular.php" class="nav style2 style3">Popular</a>&nbsp;| <a href="blog.php" class="style6">Blog</a></span>&nbsp;|

<a href="chat_signup.php" class="style6">Chat</a> |

<a href="view_bookmarks.php?page=1" class="nav style3 style11">Bookmarks</a><span class="style11">&nbsp;| </span><span class="style6"><a href="message_board.php" class="nav style3 style2">Forum</a>&nbsp;| <a href="groups.php" class="nav style3 style2">Groups</a>&nbsp;| <a href="events.php" class="nav style3">Events</a></span><span class="style11">&nbsp;|</span> <span class="style6"><a class="nav" href="classified.php">Classifieds</a>&nbsp;| <a class="nav" href="view_all_journal.php">Journal</a>&nbsp;| <a class="nav" href="videos.php">Videos</a>&nbsp;|</span>

<span class="style6"><a href="music_signup.php" class="nav">Bands</a></span><span class="style6">&nbsp;|</span>
<span class="style7"><a href="commingsoon.html">More</a></span><span class="style10"> | </span>
<span class="style6"><a href="join_us.php" class="style4">Join Us</a> |
<a href="login.php" class="nav">Login</a> </span>
</div></td>

</tr></tbody></table></td>
</tr>

<!-- Nav.php -->
<script language="JavaScript1.1" type="text/javascript" src="http://context5.kanoodle.com/cgi-bin/ctpub_adserv.cgi?id=86676156&amp;site_id=86676157&amp;format=conly"></script></tbody></table><table class="dark_b_border2" align="center" border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>

<tr>
<td bgcolor="#999999"><p class="style3"><font color="#ffffff" size="2">Cool New People</font></p></td>
</tr>
<tr>
<td>

<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td valign="top">
<table align="center" border="0" bordercolor="#000000" cellpadding="3" cellspacing="0" width="100%">
<tbody><tr>
<td colspan="10"><img src="images/clear.gif" border="0" height="5" width="1"></td>
</tr>
<tr>
<td bgcolor="#ffffff" height="5" width="15"><img src="images/clear.gif" border="0" height="1" width="15"></td>
<!-- person 1 -->
<td class="text" align="center" bgcolor="#ffffff" height="5" valign="top" width="130">
<a class="bold_black" href="view_profile.php?member_id=724" id="coolNewPersonURLa1">
<img src="image_gd/image.php?72474890998.jpg" border="0"><br>
</a><a href="view_profile.php?member_id=724">
Aleks</a>

</td>
<!-- person 1 -->
<!-- person 1 -->
<td class="text" align="center" bgcolor="#ffffff" height="5" valign="top" width="130">
<a class="bold_black" href="view_profile.php?member_id=994" id="coolNewPersonURLa1">
<img src="image_gd/image.php?994129490998.jpg" border="0"><br>
</a><a href="view_profile.php?member_id=994">
Vovchik</a>
</td>
<!-- person 1 -->
<!-- person 1 -->
<td class="text" align="center" bgcolor="#ffffff" height="5" valign="top" width="130">
<a class="bold_black" href="view_profile.php?member_id=1161" id="coolNewPersonURLa1">
<img src="image_gd/image.php?116117841158555613.jpg" border="0"><br>
</a><a href="view_profile.php?member_id=1161">
Pioneer</a>
[.............]
<a href="/join_us.php"><img src="/images/sign-up-now.jpg" alt="Sign Up Now" border="0"></a>&nbsp;</td>
</tr>
<tr align="center" valign="top">
<td colspan="2">
</td></tr></tbody></table>

&nbsp;</td>
<td align="center" valign="top">

</td></tr></tbody></table></td>
'nuf said.

As blizzard said, you can't hide the source code for anything visible to the user. Sure, PHP code is safe, but not its output. You can make html completely secure just like PHP too-- don't send it out to the user. But anything sent to a browser to generate a page will be visible. A browser is just showing the source code, but interpreting it in a certain way. If you wanted to create a "browser" that just showed the source code of html pages instead of a layout view, then that's exactly what would happen.

By the way, regardless of how many layers you may have in your original source code, right click>"View Selection Source" will bring up the source every time, dynamic, generated, "hidden", obfuscated ["encrypted"], or not.

jscheuer1
11-25-2007, 09:32 PM
The easiest way to disable 'view source' is to unplug the computer.

If you just want to make it hard for idiots, add a ton of blank lines at the beginning of the source code.

djr33
11-25-2007, 10:00 PM
Haha. No, John! People are going to start doing that now.

"Hi. I have a question about Javascripts on my page!!! It don't works! I have it pasted here."
"I don't see any code..."
"Oh, just scroll down 106 lines. That's my security. Isn't it the c00lest!?!1111"

hangman17
03-05-2008, 10:44 PM
ok this is amazing not a single one of u answered his question lol

and neither will i

there isno possible way to disable ur view source if u r usin html on ur page

only javascript, css, etc.

Simply Me
03-06-2008, 01:12 AM
I tried google and came with this http://www.aevita.com/web/norightclick/ the least you can do to protect your site.

djr33
03-06-2008, 01:24 AM
Um, yes, hangman, we did-- there is no way, just as you repeated.

No, Simply_Me, that's just annoying and stupid, and easily overridden, plus it may not work in some browsers anyway (and you can always turn off Javascript, view source, and all that stuff).

Simply Me
03-06-2008, 01:28 AM
Yes, djr33 that's true but that's the least he can do if he really like to put some sort of "protection".

Try this site also if you want. http://www.htmlguardian.org/help_main.html

djr33
03-06-2008, 01:47 AM
Wow, that looks stupid. I can't find a test page, sadly, to show how faulty it is, though.

jscheuer1
03-06-2008, 01:59 AM
No Way . . . . . . . . . . . . . . . . . . . . . . !

Jas
03-06-2008, 03:12 AM
Even if you "hid" the source code, the required information to display the page is saved in the browsers cache, isn't it? So can't you just open it from there? Well, I guess PHP can keep that from happening. . . Anyway, this thread is three years old. When will it just die? lol

hmsnacker123
03-07-2008, 09:43 PM
ok theres no way of really securing your source you can run it through some sort of so-called 'encrypter' but people will just decrypt it so the answer is simple - dont put things that u dont want stolen on your webpage !

jscheuer1
03-08-2008, 02:29 AM
I'd lock this thread if I thought it would do any good, but someone would just start another. There are already several pertaining to this topic on this forum as well as related matters like image 'protection'. There are ways to safeguard content. Primarily copyright law, but there are also basic common sense practices, all of which have been discussed to death in other threads, so I will not bother repeating them here.

VampireCoder
12-04-2009, 05:22 AM
I read all of these comments and nobody give a solution for it.. Anyways, Nothing is Impossible.. Here is the solution of your Problem..

Disable Browser Cache ...

Include this META Tag in the HEAD section of your page along with the other META Tags ...




<!-- MICROSOFT/MOZILLA/NETSCAPE BROWSERS ALL REQUIRE THIS META TAG -->
<meta http-equiv="Pragma" content="no-cache">

<!-- MICROSOFT BROWSERS REQUIRE THIS ADDITIONAL META TAG AS WELL -->
<meta http-equiv="Expires" content="-1">



and then include this second HEAD section between the closing BODY Tag and closing HTML Tag ...




</body>

<!-- ADD THIS EXTRA HEAD SECTION IF YOU FIND YOUR PAGES ARE STILL BEING CACHED IN SOME BROWSERS -->
<head><meta http-equiv="Pragma" content="no-cache"></head>

</html>



------------------------------------------------------------------------------------------------------------------------------

Disable View Source (Menu + Right-Click)

Assuming you have already set the most basic restrictions using administrative tools, here are some additional steps you can take. Note that these steps require making changes to the Windows Registry. Do not attempt to make any of these changes unless you feel completely comfortable editing the registry, as it can otherwise cause your computer to malfunction.

IE Toolbar Restrictions

Reg Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Create a DWORD key SpecifyDefaultButtons and give it a value of 1

To remove a button from the toolbar, create additional DWORD keys with a value noted below:

Key: Value = Effect
Btn_Back: 2 = Back button and menu item.
Btn_Forward: 2 = Forward button and menu item.
Btn_Stop: 2 = Stop button and menu item.
Btn_Refresh: 2 = Refresh button and menu item.
Btn_Home: 2 = Home button and menu item.
Btn_Search: 2 = Search button and menu item.
Btn_History: 2 = History button and menu item.
Btn_Favorites: 2 = Favorites button and menu item.
Btn_Media: 2 = Media button and menu item. [Only available with IE 6]
NoBandCustomize: 1 = No adding or removing menu or toolbars.
NoToolbarCustomize: 1 = Customizing the toolbar.

Note that these keys will remove both the toolbar button and the menu item, successfully disabling access to that particular functionality.

IE Restrictions

Reg Key: HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

Create a DWORD key:
NoBrowserBars: disable changes to browsers bars.
NoBrowserClose: disable the option of closing Internet Explorer.
NoBrowserContextmenu: disable right-click context menu.
NoBrowserOptions: disable the Tools / Internet Options menu.
NoBrowserSaveAs: disable the ability to Save As
NoFavorites: disable the Favorites.
NoFileNew: disable the File / New
NoFileOpen: disable the File / Open
NoFindFiles: disable the Find Files
NoSelectDownloadDir: disable the option to change download directory
NoTheaterMode: disable the Full Screen view
NoOpeninNewWnd: disable Open in New Window
Noviewsource: disable the ability to view the page source HTML.
NoNavButtons: disables the Forward and Back buttons
NoPrinting: Remove Print and Print Preview from the File menu.
AlwaysPromptWhenDownload: Always prompt user when downloading files.

Give it a value of 1 to turn on the restriction

Reg Key: HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions

Create a DWORD key:
NoToolbarOptions: disables adding, removing, or moving toolbars.

Keyboard Control

Finally, there are times when complete keyboard control is required (such as disallowing Ctrl commands). If buying special terminal keyboards is not an option, do not worry. There are ways in which you can "turn off" any key on the keyboard, by altering the scan code mappings for your keyboard.

Reg Key: HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout

In the Keyboard Layout key, the Scancode Map value (REG_BINARY) must be added. The first and second DWORDS store header information and should be set to all zeroes for the current version of the Scan Code Mapper. The third DWORD entry holds a count of the total number of mappings that follow, including the null terminating mapping. The minimum count would therefore be 1 (no mappings specified). The individual mappings follow the header. Each mapping is one DWORD in length and is divided into two WORD length fields. Each WORD field stores the scan code for a key to be mapped.

Once the map is stored in the registry, the system must be rebooted for the mappings to take effect. Note that if the mapping of a scan code is necessary on a keypress, the step is performed in user mode just before the scan code is converted to a virtual key. Doing this conversion in user mode can present certain limitations, such as mapping not working correctly when running under Terminal Services.

For the purposes of this tutorial, I will show how to turn off both Ctrl-keys. The following value should be stored in the Scancode Map key:

00000000 00000000 03000000 00001D00 00001DE0 00000000

0x00000000 = Header: Version
0x00000000 = Header: Flags
0x00000003 = Three entries in the map
0x001D0000 = Remove the left CTRL key (0x001D --> 0x00).
0xE01D0000 = Remove the right CTRL key (0xE01D --> 0x00).
0x00000000 = Null terminator

Like I said -- this method can be used to turn off any key on the keyboard. It can also be used to create custom keys, or keys that you normally don't have on your keyboard (such as a mute key). All changes require reboot before going into effect.

Give it a value of 1 to turn on the restriction.

jscheuer1
12-04-2009, 05:43 AM
I read all of these comments and nobody give a solution for it.. Anyways, Nothing is Impossible.. Here is the solution of your Problem..

There is no way you can run around making all those changes to everyone's registries. And they may be using a different browser or OS. As for disabling the cache for your page, even if that really works, it will not disable view source. It will make the page sluggish under certain circumstances and possibly break or otherwise adversely affect some scripts.

This is not to say your knowledge of the registry isn't impressive, though I suspect even this varies among different Windows versions. Have you for instance tested it on Windows 7? It is useless on a Mac or 'nix system.

But changing your registry will have no effect on others' ability to view your source code.

VampireCoder
12-04-2009, 06:10 AM
There is no way you can run around making all those changes to everyone's registries. And they may be using a different browser or OS. As for disabling the cache for your page, even if that really works, it will not disable view source. It will make the page sluggish under certain circumstances and possibly break or otherwise adversely affect some scripts.

This is not to say your knowledge of the registry isn't impressive, though I suspect even this varies among different Windows versions. Have you for instance tested it on Windows 7? It is useless on a Mac or 'nix system.

But changing your registry will have no effect on others' ability to view your source code.

It is possible by making Activex Control to making changes in registries and it's work for all browser.. but in case of OS, i am not confirmed.. but in XP it is work perfectly..

jscheuer1
12-04-2009, 07:03 AM
It is possible by making Activex Control to making changes in registries and it's work for all browser.. but in case of OS, i am not confirmed.. but in XP it is work perfectly..

Active X only works in IE. Besides that, most folks settings - the default settings for IE would prevent that sort of thing as it would be perceived by the browser as an attack. Java (not javascript) could be used for other browsers and OS's (even Windows and IE) if the methodology for each could be worked out. But once again, the majority of users' systems would prevent this as an attack.

I'm not questioning your ingenuity, and Active X is potentially a powerful tool. But this simply will not achieve the objective in all, probably not in most cases. Active X is really only useful for limited 'safe' things like filters, and AJAX type requests, or more extensively for Intranets where the admin can control what is allowed. You can trick or seduce some users into allowing more aggressive Active X applets, but most will not be fooled - many may not even be given the opportunity to be fooled, their security settings may prevent even that. Which brings me to, like browsers on networks, often all Active X is disable network wide by the admin, including the 'safe' variety, due to some security holes that used to exist even in the settings required for filters, server requests, and css expressions. This latter wreaks havoc on some innocent scripts.

VampireCoder
12-04-2009, 09:51 AM
Have a look, I disabled the Source from View Menu.

http://i50.tinypic.com/1zv4cc7.jpg


Have a look this also, I disappear the View Source on Right-Click Mouse Button

http://i46.tinypic.com/201ag0.jpg

Have a look this also i disappear the save As function in File Menu and also disabled the save function in File. so the user can't save this web page in his/her local machine..

http://i47.tinypic.com/34jdfrb.jpg

:):)

jscheuer1
12-04-2009, 01:40 PM
That's all IE, and frankly a waste of bandwidth, those three large images. I never said I doubted that you could hack your own registry to get IE to do that. Besides, you could have photoshopped those images. I don't think you did, but they prove nothing.

As I said, if you do this to your own computer, it has no effect upon others' ability to view your source code, which was the original question here.

It would be great for an intranet where the admin has control over the registry of all users.

It shows ingenuity on your part, and I congratulate you for that. But it still doesn't do what you claim, or perhaps you didn't understand the original question (emphasis added):


hi!!! can you help me plsssss... i just wanna know how to disabble the source code i mean not just when you right click the mouse. i have a code that well disabble when you right click your mouse, and i want the whole source code will disabble so that all my visitors cant view my source code.. anyone plsssssss i rely need your help...thanx

Schmoopy
12-04-2009, 01:58 PM
Can't this thread just be closed? No one will be able to come up with what the original poster would like. It's just not possible.

jscheuer1
12-04-2009, 04:58 PM
Can't this thread just be closed? No one will be able to come up with what the original poster would like. It's just not possible.

If it bothers you, just don't read it. However, VampireCoder and I are having a valid discussion. VampireCoder's ideas are interesting and advanced. They just don't quite fit the bill, as far as I can see, of the original question.

djr33
12-05-2009, 12:15 AM
It is creative, but it doesn't block anything. It could be very useful for something like a terminal at an airport (or mall, hotel, etc), where they want to disable the system from acting like a web browser. However, there are other, better ways to do that, and few individuals need that code.

It does not do anything for solving the original problem, and activex, java and other similar solutions are terrible ideas because they would actually change the settings for EVERY website, not just yours, and this would be clearly an attack that would be blocked by most systems and soon the website would get on all sorts of lists, like google's malware warning, etc. That is rather like opening an image gallery and stabbing everyone in the eyes, so they don't decide to steal your work.

The meta tags are a start of some sort, but you can use another sort of browser (like a text only browser you could code yourself) to get around that easily, even if there were no way to do it with a regular browser, and there is.

jscheuer1
12-05-2009, 03:46 AM
It is creative, but it doesn't block anything

Amen to that. And I realize that there may be better methods to do this on a closed network. Personally I'm not aware of any though. Now I'm talking primarily about using the registry hacks to create a default registry for all installs, not so much using Java and/or Active X to enforce that, though that could perhaps be a component.

If you have a better way - That would be of interest to me. And probably to VampireCoder and others as well.

My area of expertise is mainly in 'making it happen' as far as javascript, HTML, css and to a degree in some of the many other languages/methods involved more or less directly in web presentation. That's why I'm not so up on what the alternatives for something like this on an intranet might be. That doesn't mean I'm not interested, or that it isn't a valid area for discussion.

On the other hand, I think that you, djr33 and VampireCoder, may be more directly interested in these matters - budding sysadmins, if you will. To that end I would encourage a free exchange of ideas around how this might be deployed on a closed network. I'll probably learn some useful things. Everyone stands to benefit.

djr33
12-05-2009, 04:54 AM
Right, registry entries are interesting.

The other methods I was referring to are system-wide options like full screen applications that basically take over the whole OS. That's how paid web kiosks work. And in fact you can entirely avoid using them (and avoid paying) if you simply stop the programming from opening while booting. Of course you have no control of closing it once it is open, though.

My main point is that you don't need to disable view source when you have already disabled everything else. Rarely on a network would you just want to disable view source without disabling more, so then what is the benefit?