SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 33
  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    encrypting html or php pages?

    Hi Everyone,

    Anyone know how to encrypt html or php pages so that it will be protected?

    People can't right click to it, view source to it, print your webpages, save your webpages and screenshot your webpages.

    Is there a way to do that? Hope to hear some expert response....

    Han
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  2. #2
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No. There is no way to do that.

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi greg.harvey,

    I believe there is a way to do that, I seen people doing it.... Anyone here know how to do that?
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  4. #4
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No there isn't. If you deliver giberish to a browser then it will display giberish. You can't hide the HTML. By definition the server-side language (be it PHP/ASP/whatever) is hidden but not it's HTML output. Obviously, you can disable right-click but that doesn't deter people from stealing your code. It just annoys people that use the right mouse button (say, to open something in a new window).

    People don't steal HTML anyway. Or at least, the sort of people who steal HTML aren't worth worrying about since they clearly don't have a clue what they're doing in the first place!

    G

  5. #5
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, some hackers can view into your source code to hack your server and further more stealing your product from your order link..
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  6. #6
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ???????

    Ok. You asked to prevent:

    1) Right-click. You can stop that but irritate your users you will!

    2) View source. Only if you pop your content in a JavaScript window and disable right-click. And the determined will get around this.

    3) Print your webpages. Can't stop that.

    4) Save your webpages. Ditto.

    5) Screenshot your webpages. And again, nope.

    If you don't believe me then ask away wherever you like. You'll get the same answer.

    As regards "hacking", I think you're being a little over-paranoid here. If your server's got the latest security updates, you have a decent firewall and your code doesn't allow people to enter malicious SQL statements or anything like that then you're pretty much ok. If not, well then go and get them. Updates are free, decent firewalls aren't too expensive and checking your code is only a matter of your time. Making sure you don't get hacked is nothing to do with encrypting code and the like.

    Perhaps you might detail your exact concerns regarding your website. Is this a response to a specific attack you've experienced? What sort of things are you trying to guard against? Is this in relation to credit card transactions? Are you really asking about SSL? It isn't clear...

    G

  7. #7
    eschew sesquipedalians silver trophy sweatje's Avatar
    Join Date
    Jun 2003
    Location
    Iowa, USA
    Posts
    3,749
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    greg.harvey is absolutly correct, if you make a page available on the web (and intend for it to be viewed), then a web browser needs to be able to understand it in order to display it.

    That appears to be what you want to avoid as well. You can't have it both ways, viewable by a browser but not by a "hacker" (who is just using a browser to fetch your page anyway).
    Jason Sweat ZCE - jsweat_php@yahoo.com
    Book: PHP Patterns
    Good Stuff: SimpleTest PHPUnit FireFox ADOdb YUI
    Detestable (adjective): software that isn't testable.

  8. #8
    Database Jedi MattR's Avatar
    Join Date
    Jan 2001
    Location
    buried in the database shell (Washington, DC)
    Posts
    1,107
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    rm -rf *.php

  9. #9
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  10. #10
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Take a look at : [LINK REMOVED]

    and you will know what i mean...
    Last edited by seanf; Jul 10, 2003 at 04:49.
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  11. #11
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    *** IMPORTANT NOTE ***
    The above link is to a site that runs some nasty ActiveX stuff and messes with your clipboard and everything if you're using MS IE. Don't click it!!!


    Well if that's so effective, how come this is the code for the main frame?

    It's IE specific and it's nasty. In fact, it would probably be blocked by virus killers if it ever took off as it does some pretty nasty things to people running on an MS platform. Opera's unphased though!

    Code:
    <html>
    
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="description" content="Templates by JSWWebDesign">
    <meta name="keywords" content="example, example, example">
    <title>:: Mike Chen's WebLock Pro ::</title>
    </head>
    
    <body topmargin="0" leftmargin="0" marginheight="0" marginwidth="0" rightmargin="0" bottommargin="0" bgcolor="#FFFFFF" text=#000000 link=#0000ff vlink=#0000ff alink=#0000ff>
    
    
    
    <table border="0" width="100%" cellspacing="0" cellpadding="0" background="images/topbkg.gif">
      <tr>
        <td width="50%">
          <p align="left"><img border="0" src="images/logo.gif" width="298" height="61"></td>
        <td width="50%" valign="top">
          <p align="right"><img border="0" src="images/contact.gif" width="64" height="15"><img border="0" src="images/homepage.gif" width="68" height="16"></td>
      </tr>
    </table>
    <table border="0" width="100%" cellspacing="0" cellpadding="0" background="images/linebkg.gif">
      <tr>
        <td width="1%"><img border="0" src="images/linebkg.gif" width="2" height="33"></td>
        <td width="99%" valign="middle" align=center><b><font face=arial,sans-serif size=2 color=#000000><a href=home.php><font color=#000000>Home</font></a> | <a href=home.php#order><font color=#ff0000>Order Now</font></a> | <a href=affiliates.php><font color=#000000>Affiliates</font></a> | <a href=support><font color=#000000>Support</font></a></font></b></td>
      </tr>
    </table>
    <table border="0" width="100%" cellspacing="0" cellpadding="0" background="images/line2bkg.gif">
      <tr>
        <td width="100%"><img border="0" src="images/line2left.gif" width="141" height="9"></td>
      </tr>
    </table>
    <table border="0" width="100%" cellspacing="0" cellpadding="0">
      <tr>
        <td width="1%" valign="top" background="images/sidebkg.gif"><img border="0" src="images/sideimg.gif" width="139" height="109">
          <p>&nbsp;</p>
          <p>&nbsp;</p>
          <p>&nbsp;</p>
          <p>&nbsp;</p>
          <p>&nbsp;</td>
        <td width="99%" valign="top">
          <table border=0 cellpadding=10 cellspacing=0 width=500><tr><td valign=top align=left><font face=arial size=2><div align=left>
    
    
    <font size=4 color=#000000><b>WebLock Pro Special Discount Offer</b></font><br><br><font size=3 color=#000000><b><i>Order before this offer expires and get $10 off your order!</i></b></font><br><br>
    Although all the features described on the previous page are available in the regular version of WebLock Pro, WebLock Pro Gold offers additional customization features that you might find very handy.<br><br>
    
    When a page is locked with WebLock Pro, the tagline "Page protected by WebLockPro.com" is added to each of your pages in the status bar and on the view source page.<br><br>
    
    The only difference between the gold version and the basic version is that you can customize this text to whatever you like (or completely remove it) with the gold version.<br><br>
    
    Just remember that this is your only chance to upgrade to the gold version for only $19.95.<br><br>
    
    <b>Currently, promotional prices are only available through PayPal.</b><br><br>
    
    <center><b><font size=4><a href=ppa/buy1.php?pid=3>Click Here Now To Order The Gold Version ($59.90)!</a></font><br><br><font size=3><a href=ppa/buy1.php?pid=4>Click Here Now To Order The Basic Version ($39.95)!</a><br><br>
    <font color=#ff0000><b>SPECIAL $10 OFF PROMOTIONAL PRICES WILL EXPIRE</b></font>
    
    
    <p style="margin-left: 20" align="center"><font face="Arial" size="1">©
          COPYRIGHT 2002 ALL RIGHTS RESERVED WEBLOCKPRO.COM</font></td>
          </div></font></td></tr></table>
      </tr>
    </table>
    
    
    
    </body>
    
    </html>

  12. #12
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So is there a way to sercured for every kind of browser?
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  13. #13
    Employed Again Viflux's Avatar
    Join Date
    May 2003
    Location
    London, On.
    Posts
    1,127
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No.

    Anyone that wants the content of your page can get it, and there's nothing you can do about it.

  14. #14
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No. Absolutely not. If the worse came to the worse, anyone desperate enough to look at your code could do so with an old DOS text browser or something. You can't do anything to stop that. And why on earth would you want to??

    I've had a better look at this now. There's no encryption going on. Let's look at the (inevitable) flaws:

    1) Here's the first thing Mozi says:

    Connection Not Encrypted
    The web site www.weblockpro.com does not support encryption for the page you are viewing.
    Translation: Anything delivered to the browser can be pulled out in transit by anyone who knows wha they're doing. Of course you can use technologies such as SSL to sit on this, but this product does NOT encrypt anything.

    2) Mozi has another nice feature. It lists all assets on a page and if you link directly to one of those assets, say an image, you can just take it anyway.

    3) It completely fails in Opera.

    4) It works by using some rather nasty bits of client-side code to take over and disable certain (useful!) bits of the user interface built in to Windows. Which is an appalling approach in my opinion. It screwed up my clipboard across every single Windows app until I quit IE.

    As I have proved already, it isn't fool-proof. Nothing like this will be. I pity the poor mugs who bought it. They ought to sue for their money back but they're probably too ignorant to realise they've been duped.

    This is basically a nice case in point that what you are talking about it essentially impossible to implement. Don't believe the "testimonials"... this is a horrible product!

    I still cannot for the life of me fathom out why on earth you would want to do this...

  15. #15
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Two more things. (edit) Any websites using a product like this are completely inaccessible and fail every validator. It crashes out IE for Mac completely.

  16. #16
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so there is nothing we can do to protect it? can we use cloaking method?
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  17. #17
    eschew sesquipedalians silver trophy sweatje's Avatar
    Join Date
    Jun 2003
    Location
    Iowa, USA
    Posts
    3,749
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The only thing you can do "protecting" you HTML source is annoy your users and briefly slow down a potential attacker (probably annoying them as well, making them want to break your site worse).

    Edit: The place to focus your attention is on infrastructure (firewall, up to date SSL server, recent PHP language etc.) and on your server side writing secure scripts (preventing false/invalid data, preventing SQL injection attacks, etc.).

  18. #18
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Did you guys heard of cloaking page?
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  19. #19
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Speaking of which, I do apologise to Mr Chen (was it?)... he is encrypting the stream of HTML coupled with nasty ActiveX. But because the ActiveX is only semi-effective on a Microsoft platform only and his site isn't on a secure server, someone has already sussed out the algorythm:

    http://www.ozzu.com/descramble/descramble.cgi


  20. #20
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    any other way to best protect html or php pages? how about cloaking pages?
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  21. #21
    No. Phil.Roberts's Avatar
    Join Date
    May 2001
    Location
    Nottingham, UK
    Posts
    1,142
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by listbuildersucc
    Did you guys heard of cloaking page?
    Theres no such thing.

  22. #22
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    maybe i am wrong.. it should be link cloaker instead
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  23. #23
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There is, but it's a method for fooling search engines and a marketing technique. It's not a security thing.

  24. #24
    SitePoint Enthusiast
    Join Date
    Jan 2003
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I got it now Greg! Thanks for letting me know!
    “Discover the Highly Effective & Proven Strategies on building your own 100% Highly Targeted, responsive Opt-in List."

    Simply subscribe to our Newsletter at:
    http://www.listbuildersuccess.com

  25. #25
    SitePoint Evangelist ucahg's Avatar
    Join Date
    Apr 2001
    Location
    Sarnia, Ontario, Canada
    Posts
    434
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by listbuildersucc
    Did you guys heard of cloaking page?
    Let me explain something to you that I don't think you understand yet. In order for your browser to view a web page, it must download the HTML source of that web page onto your computer. It then interprets the HTML into what you see, and downloads all other files finds it needs along the way (embedded images, scripts, CSS, objects, et cetera). Now here is the clincher: if a web browser can view it, so can you! Traditionally you can view the source, but if that's "disabled" you can always find the file on your computer in the temp folder, or if you are using IE, you can type in the addressbar view-source:http://www.google.ca and voila you have the source.

    I haven't even went into all the programs that you can download to grab the source of your open browser window, and you can never disable screenshots (either native window shots with print scrn, or using a third party program). The fact is, your HTML and images will always be open for the taking.

    Now, this is not a security concern. It is no different than reading a book and being able to copy out the words. Your design may be stolen by amateurs, but anyone worth his salt will know better than to stoop so low. Finally, a user cannot "hack" into your website by looking at your HTML provided that you know anything about security concerns in the server side technologies you are using. Using a recent version of PHP properly (with register-globals off and never trusting user input) will go a long ways. There are many articles on common security holes, and how to fix them (in most cases very easily). This is where you need to focus all your attention. Not on HTML source. Not on images. As long as your site is programmed properly, you should have nothing to worry about.

    So, never never never try to block right-click, or hide images, or anything like that. It annoys the common user, does nothing to the determined theif, and is extremely unprofessional.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •