deadlock Message Board
[ November Full List | Post A Reply ]

Re: Please Help..Need advice on buying the best
From Michael on 10 August '01
replying to Re: Please Help..Need advice on buying the best "cloak" for hiding source code. posted by Eric

>This is complete hogwash people....there is NO way to hide html source from the viewers.....if someone wants to view the source, you just have to put up with that.... for javascripting and stuff, the best thing you can do is just put the javascripting in a separate JS file and use an include to get to it in your page... a decent webmaster will know to look for it by just typing the address of your webpage and the name of the .js file though. So, the moral of the story is, dont bother, it cant be done.

#1 What if you use Eric's example but instead of including a
static .js file you call a CGI program on the server instead.
The CGI program will conditionally send back the inline
JavaScript content only if the request wasn't disembodied, so to
speak. I'll leave it up to the reader to think up their own
methods of making this determination but you can try using the
HTTP_REFERER information, for example.

#2 Try client-side XMLDOM, ActiveX or almost anything that opens
up a new connection to the server and downloads data. In the
XMLDOM version a DIV tag's innerHtml property can be set to the
text from the stream; view-source will just show the empty DIV

#3 Various people have Java applets that will do this. Go find
one if you dig Java.

#4 MIME encoding comes with its own cool obsfucation, allowing
you to completely screw up an HTML stream with equivalent
characters. I won't go into the details but have previously
implemented something like this after reviewing some of HP.COM's

#5 Try using a frameset to frame the contents of the private
stuff and the latter includes a "right mouse click" handler of
your choice. The private content might be provided via CGI and
checks pedigree just like in the first example above.

#6 For IIS platforms write an ISAPI filter that checks pedigree
as in the first example, conditionally providing the
aforementioned private content rather than playing the CGI game
and returning a 404 to those disembodied requests.

Good luck,


Your Reply

*Your name:
*Message subject:
Home page title:
Home page URL:
(if you'd like to receive automatic replies by email)