SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Zealot clnewbill's Avatar
    Join Date
    Nov 2007
    Location
    north central Alabama, USA
    Posts
    144
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to lock a web page?

    Let's say I know the URL of a web page. Ordinary HTML web page. It's in a password-protected directory inside the /public_html/ directory, but I know the username and password and can get in using a browser. I don't have FTP access. Is there a way to download the file?


    Back story: Client wants to post the answer key to a test online for a limited time and is very, very extremely over-the-top paranoid that someone is going to steal it. I can set up the directory and separate username/passwords for each person authorized to view the answers. I can lock the page so that right-click is disabled, View Source is disabled, Save Page As is disabled, and Print is disabled.

    I've thought of two ways that the information could still be captured: PrtSc (can't be disabled in IE7) and pen and paper. I don't know of a way to stop either of those without a proctor being present, and since it's an online class, the students are scattered all over the place and proctoring is not possible.


    So my underlying question is this: Is there another way to capture the information that I haven't thought of? I don't want the client's hypothetical 10-year-old son to figure out a way to hack into the file and sit back going neener-neener because I didn't know about it.

    Thanks!

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You can't stop any of the people with access to view the page from viewing the source, from saving the page, or from printing the page. Locking down browser functions is not real protection, they don't even need to use a browser to do those things, and they can turn off JavaScript to simply not run your "protection" code.

    Sorry, this is just not a realistic request. The answers have to be sent to the person's computer for them to be shown on the screen, and at that point it's too late to control that data.

  3. #3
    SitePoint Zealot clnewbill's Avatar
    Join Date
    Nov 2007
    Location
    north central Alabama, USA
    Posts
    144
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes... I know, and i tried to explain to the client how that worked. The people who will be viewing the page are less technically savvy (think mostly AOL users), so it's not nearly as likely that they would know how to turn off Javascript and so on.

    It may not be possible to stop. I was really just brainstorming possible approaches and thought I would ask you guys.

    Thanks for your answer!

  4. #4
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Even an AOLer (do they still exist?) can point their cell phone camera at the monitor and snap a picture of the answer key

  5. #5
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,810
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Web browsers have to download web pages in order to display their content. By the time someone sees the web page it has already been downloaded to their computer. Once it is on their computer they can do whatever they want with it without your having any way to block them.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  6. #6
    SitePoint Zealot clnewbill's Avatar
    Join Date
    Nov 2007
    Location
    north central Alabama, USA
    Posts
    144
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks, Stephen! I knew that, of course, and tried to explain it to the client (who wasn't listening for anything except "yes, I can fix it so they can't download it.")

    Dan: Perfect answer, and one that even this person might be able to understand.

    And oh yes, AOLers still exist. My clients, for whatever reason, seem to attract them.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •