Design - Website Security

I’m still in the concept stages of this website. I’d like to disable the ability to copy so it deters most users from illegal activity. Using oncontextmenu=“return false;” only helps slightly, but you still can use shortcuts such as Ctrl + c to get by it. I will block browsers such as Opera that don’t enforce it. lol An idea… after attempting to copy content so many times or more it automatically redirects the user. I’m still a beginner, so can anyone help or give some good suggestions in securing my website’s content? I understand I can’t deter everyone.

Aptana Studio 2.0, Notepad++, and Firebug 1.5.4 are a few platforms I’m currently using. I’m interested in writing as much of the site in HTML5 as possible so some users will update to the latest more secure browsers (IE9, FF4.0, and Safari 5.0).

What security features should I add or be worried about then? It is understandable that I can’t stop everybody from copying content and not everyone will be intimidated by prosecution either. Still doesn’t mean I should do nothing.

You are basically wasting your time trying to hide (x)html “source code” on a publicly available website… It can be easily bypassed in 99.999% cases unless you just want to stop a causal user, i.e. one without much computing knowledge and doesn’t know what JavaScript is, etc.

Well, obviously if you disable JavaScript in the browser of if it doesn’t support client side scripting you methods of prevention will fail or certain generated content will not work anyway.

Essentially any HTML and CSS has to be downloaded by the web browser anyway (and can usually be found in cache) for it to be viewable. Though server-side script sits on the server so generally gets hidden in most part.

With images probably the best technique is to ‘digitally watermark’ them and with everything else place copyright notices on them. Other than that usually you have to assume most people are fairly honest.

In most cases people don’t bother trying to steal HTML or CSS but a lot will imitate successful designs. Obviously if you have “multimedia” content, again you might want that digitally signing and so forth.

But for generic HTML and CSS forget trying to prevent users viewing the source code.

I agree with Alex.

Anything you do to try to prevent your content being stolen will hurt legitimate visitors while having no effect whatever on the would be thieves.

If it has any effect at all any “protection” you implement will increase theft by those who think they are clever because they know how to bypass whatever you implemented.

Even if you obfuscate all of the HTML using JavaScript and so prevent the perhaps 10% of your potential visitors without JavaScript from accessing the page at all, the thief can use a simple program to convert it all back into readable HTML and text (that program is usually called a web browser).

Actually it’s exactly what it means, trying to protect something you place on the web is impossible and while the idea of putting a few barriers in place may sound like a good plan to discourage the less technical bad people, you will end up (like so many before you) hurting the legitimate users of your site. When you cripple copy and pasting (for example), someone who wants to steal your entire article will just disable scripting (with a couple of clicks) and go about business as usual… a normal average end user who wants to copy a snippet of text (under fair use) to perhaps remember something they want to get in touch with you about (however) will be unable to work around the problem (due to lack of knowledge) and they will become frustrated. History has shown us that trying to punish bad people (like with DRM) ONLY hurts the legitimate consumer, and while you may have noble aims, you will simply make more people hit the back button and leave your website (as you’re treating everyone like a criminal by crippling their browsers equally). Focus your attention on dealing with sites that DO steal your stuff, not the average user!