How do I hide my source code?

@fredmvFeb 02.2004

~~[b]~~Unbelievable[/b]. If you look in the JavaScript section right now, there are currently three threads on this very subject. I know there is already a “posting guidelines” sticky in the JavaScript section, but maybe someone should consider adding another sticky about how hiding the source code (or ~~[i]~~attempting[/i] to) is absolutely impossible and completely pointless? This should cut down the number of duplicate threads on this subject.

to post a comment

Full-stack Developer

33 Comments(s) _↴

@buntineFeb 02.2004 — #Yer i agree. It just makes me angry when i see someone posting that now..

I have never been able to understand why anyone would even want to do it..

Regards.

@rhsundergroundFeb 02.2004 — #i would like to see said sticky as well. having replied to each of these 3 posts, i feel that people just can't read. by the way--->how do we get a sticky? is that an moderation power?

@fredmvauthorFeb 02.2004 — #[i]Originally posted by buntine [/i]

[B]I have never been able to understand why anyone would even want to do it..[/B][/QUOTE]Same here. It's mostly confused newbies, I believe...[i]Originally posted by rhsunderground[/i]

[B]how do we get a sticky? is that an moderation power?[/B][/QUOTE]Yes — you need certain privelages to do it. Only moderators, super moderators, and administrators are able to. Possibly other user groups too, I would imagine.

@rhsundergroundFeb 02.2004 — #damn.

@Robert_WellockFeb 02.2004 — #Dear CompGuy Pete

Some users whom would like to prevent their source-code from being seen plague us can you fix it so.... why not just PM Pete he doesn't bite or anything I still have one arm and one leg left intact.

@Paul_JrFeb 02.2004 — #I agree. I'll send our Resident CompGuy a PM, too. The more he gets, the better chance we have, eh? :p

Lol, I was freaked out when I saw the subject of this thread and who the author was. I thought fredmv had gone wicky in the wackywoo. ?

@fredmvauthorFeb 02.2004 — #[i]Originally posted by Paul Jr [/i]

[B]Lol, I was freaked out when I saw the subject of this thread and who the author was. I thought fredmv had gone wicky in the wackywoo. [/B][/QUOTE]I figured that would be the reaction to some... ?

@Compguy_PeteFeb 02.2004 — #WOW....

Only one PM is needed... LOL No need to flood my inbox ?

I totally agree! Somthing needs to be done. Why don't you guys work on what needs to be said and I'll create it.

@fredmvauthorFeb 02.2004 — #Pete rocks. ?

How's [url=http://forums.webdeveloper.com/showthread.php?s=&threadid=26841]this[/url]? ?

@Compguy_PeteFeb 02.2004 — #Done!

@fredmvauthorFeb 02.2004 — #Very nice. Thanks Pete. ?

@VladdyFeb 02.2004 — #Ok, here are my thoughts why people try to hide their source code, why it is pointless for HTML and what are the alternatives for CSS and JS. Feel free to edit the post, Pete.

It is natural for web developers, as for any type of creators, to be protective of their work. This desire however is practically imposible to fulfill in the realm of the World Wide Web. Any information leaving a server unencripted (or the one subsequently decripted by the client for processing) becomes public domain and therefore can be saved, copied, analized and reused.

Still there are plenty of web developers who attempt to block ability of web site visitor to access thier code. The irony of the situation is that such web developers are most of the times amatures who do not understand the web technology in depth (otherwise they would not be wasting their time on things like "no right click" scripts) and the code they are trying to protect is not worth much anyway.

While few years ago, when HTML used to contain both content and presentation, one could justify their desire to hide the source code by unwillingness to reveal their layout tricks (on the same token the only trick one would find in such a code was the number of table nestings required to achieve the effect). Nowadays when those who can be called "prefessional web developers" leave presentational elements to style sheets, hiding HTML source becomes a mute point. HTML source does not contain much more than what the user sees on their browser screen - source code for a paragraph of text adds only opening and closing tags to what user already sees.

Therefore authors who use right click and view-source: blocking do nothing but annoy their visitors by depriving them from navigation methods they are accustomed to, and declare themselves as amature web developers. Those who employ javascript HTML encription not only lose ~15% of their potential customers with javascript disabled, but also make thier site unusable for search engines which results in even higher customer losses. This is the type of HTML code protection that makes me ask a question: "Why put your site online, when no one can find it???"

The only weak arguement I still come across is: "my HTML source code still contains links to my stylesheets, scripts and images which I would like to protect". However there are plenty of ways to get those without looking at HTML source code, one is to use "Save Page As..." feature on a browser, another one is simply check the cached files folder.

While there is nothing that can prevent a determined and knowledgable person from copying a web site, there are ways to make it harder without affecting site usablity.

Making your CSS harder to get:

We all know about the CSS implementation bugs in IE and the need to have different styling for IE and gecko browsers when it comes to more complicated layouts. Usually it is accomplished by using IE (and older browser) hacks in the same stylesheet. Personally I prefer to use server side scripting to send browser adjusted stylesheet to the client. This method has certain pros and cons that have been extensively argued about, but one of the side effects of this approach is that potential thiefs would need to have you site saved by different browsers and either have the same server side code that performs browser detection, or have to study your stylesheets, understand the browser hacks that you are using and compile them into one - usually a task more difficult than writing own stylesheet from scratch.

JS protection:

While there are plenty of ways to scramble JS code so that it is harder to understand, it still can be done. Also good amount of scripts can work as is, so there is no real need to descramble them.

A better approach is to leave tracers in your script that tell you where your script is beeing used and go after theifs, when it is worth doing so. An example of a traces can be the following line:

(document.createElement('img')).src = 'http://www.mysite.com/tracer.php?URL='+document.url

where tracer.php is a server site script that logs the URL that used the script and also an IP address of the computer it was used on.

@Aronya1Feb 02.2004 — #... Don't publish your site!

@PeOfEoFeb 02.2004 — #vladdy, could you provide a cliff's notes of that last post for me?

@fredmvauthorFeb 02.2004 — #[i]Originally posted by Aronya1 [/i]

[B]... Don't publish your site! [/B][/QUOTE]Was that sarcasm or did you just not actually read my post?

Also: excellent post [b]Vladdy[/b]. That should really be added to the already created sticky. Is it really at 15% now for people in which use non-JavaScript browsers or have simply disabled it? So it went up since the last time I checked I suppose...

@VladdyFeb 02.2004 — #Fred, I rounded it up to 15%, but with the increase of PDA, cell phone and other non desktop browsers this number will only go up....

Also, as you too mentioned, how do you estimate visitor loss due to lower/no ranking with SE???

@PeOfEoFeb 02.2004 — #http://www.thecounter.com/stats/2003/December/javas.php

looks like it is still 13% according to the counter. How would they tell if it is just turned off though, I guess you might be able to compare it to the number of browsers that are able to disable or something. Look, mozilla has a whole 1% now!

@Aronya1Feb 02.2004 — #[i]Originally posted by fredmv [/i]

[B]Was that sarcasam or did you just not actually read my post?[/B][/QUOTE]
Yes, and yes.

Yes, it was intended to be sarcastic. And yes, I read your posts. Even went back thru them when you questioned, but didn't see anything that said "don't publish your site."

Sorry if I somehow crossed a line somewhere.

@PeOfEoFeb 02.2004 — #not publishing your site would work though... unfortunatly it would make your site 99.999999% unacessable (.0000001% would be you)

@fredmvauthorFeb 02.2004 — #[i]Originally posted by Aronya1 [/i]

[B]Yes, and yes.

Yes, it was intended to be sarcastic. And yes, I read your posts. Even went back thru them when you questioned, but didn't see anything that said "don't publish your site."

Sorry if I somehow crossed a line somewhere. [/B][/QUOTE]No problem whatsoever. I was just wondering. ?

@spufiFeb 03.2004 — #[i]Originally posted by PeOfEo [/i]

[B]http://www.thecounter.com/stats/2003/December/javas.php

looks like it is still 13% according to the counter.[/B][/QUOTE]

Nope.

http://www.thecounter.com/stats/2004/February/javas.php

And January's numbers are the same.

Good to see the site is back to posting numbers again. Nothing new was being posted for months.

@PeOfEoFeb 03.2004 — #spufi, it is febuary 2nd, that what you just posted might not be the most accurate.

@spufiFeb 03.2004 — #http://www.thecounter.com/stats/2004/January/javas.php

Like I said, January's numbers are the same. If you look at numbers from May 2003 until December 2003, you will see the stats are based on May though whatever month you are looking at. However, the new year is showing a rather large drop in users disabling JavaScript so far. One guess is people are using pop up blockers enough to where they have one less reason, and a big one at that, to have JavaScript disabled.

@PeOfEoFeb 03.2004 — #Oh sorry, not playing attention. Brain fart. Thought you posted febuary... thought I posted... ahh never mind... stupidity at work watchout!

@spufiFeb 03.2004 — #I did originally post Feburary's numbers. I did go back and double check December 2002/January 2003's numbers to see if there was a big change maybe due to Christmas and hence a number of newer computers, but in both months it was 10%, so I doubt Christmas was the cause.

@MIRIAMJan 28.2005 — #Well "big boys".

I see that u are very hero in the net.

Yes, off course it is very hard.

You must be Poor creature in your life.

And to the point, if you can't understand way pepole

don't want that their code which they work hard

of it and their ioriginal ideas don't

steal you probably don't have high IQ.

@rhsundergroundJan 28.2005 — #[i]Originally posted by MIRIAM [/i]

[B]Well "big boys".

I see that u are very hero in the net.

Yes, off course it is very hard.

You must be Poor creature in your life.

And to the point, if you can't understand way pepole

don't want that their code which they work hard

of it and their ioriginal ideas don't

steal you probably don't have high IQ. [/B][/QUOTE] interesting...

well i understand why some people don't want their code to be seen, but it's generally silly for them to do that, because there are so many ways to get around it. and as people are becoming more computer-literate, they are finding these ways, so these scripts are only effective against the most ignorant of users.

and by the way - my IQ floats somewhere around 150 ?

@PeOfEoJan 28.2005 — #[i]Originally posted by MIRIAM [/i]

[B]Well "big boys".

I see that u are very hero in the net.

Yes, off course it is very hard.

You must be Poor creature in your life.

And to the point, if you can't understand way pepole

don't want that their code which they work hard

of it and their ioriginal ideas don't

steal you probably don't have high IQ. [/B][/QUOTE] [COLOR=deeppink]I cna understand why people do not want their intellectual property stolen but the issue at hand here is that [u]it is not possible to hide source code[/u]. Hell, I can think of a million ways of getting it, I can even use telnet to get it if need be.[/COLOR][COLOR=deeppink]ps: You doug up a long dead thread[/COLOR] ?

@methodpgDec 15.2005 — #As this seems to be a thread where some knowledgeable people have posted...

I just wondered if you could check something over... regarding the whole hiding JS thing...

http://www.webdeveloper.com/forum/showthread.php?t=88223

It's not... encrypted/scrambled code or anything that requires reverse engineering... but a mixture of JS-XMLHTTP/ASP/etc that aims to make the code never show up when you either save the page... or view the source-code (including when you following links to javascript files, etc.)

And seriously... with the Ajax hype lately... it's not hard to understand why some developers might want to make it hard for the competition to just come along and effectively steal an entire project.

btw... I'm an open-source developer. So don't bite my head off!!! ?

I'm just experimenting with something that would fool IE and Firefox into downloading fake source-code when people try to leech it!!!

@ramakrishna_p2Dec 16.2005 — #Vladdy, Iam proud to have member like you. Please accept my thanks for sparing your valuable time to educate newbies...I always expect this kind of analysis and positive way of explanation instead teasing way of languages. Our basic aim of becoming member in this forum is not to tease others with unwanted languages. If members can spare some time to analyse things like Vladdy did and expressed his views in befitting manner will sure bring charm to this site. Let all of us starve for mutual education instead wasting time to pin point others ignorance. Well done Mr.Vladdy!

@felgallDec 16.2005 — #I just wondered if you could check something over... regarding the whole hiding JS thing...[/QUOTE]

Javascript is the only piece of a web page that can be coded in such a way as to have it take more than a couple of seconds to obtain the source. For everything else (HTML and images) a simple Save As from Netscape 7.0 will give you the source no matter what protection/encryption was applied.

@UbikDec 16.2005 — #Another way:

Code your html and render it to a browser window and take a screen shot, and post the screen shot on the web with your watermark on it and right-click disabled with javascript and, with a transparent images layered on top for good measure...

You might have to do some tedious image mapping on your final image output.

Good Luck, You'll need it! ?

@rhsundergroundDec 17.2005 — #i'm going to close this thread. i don't think there's really anything more to be said.

Also in #Full-stackDeveloper _↴

Is it better to have two separate pages for inserting/updating data?Beginners Flash Tutorial Robots.txt Excite.co.uk

Success!

Help @fredmv spread the word by sharing this article on Twitter...

Tweet This

How do I hide my source code?

33 Comments(s) _↴

Also in #Full-stackDeveloper _↴

Success!

Social

Version

How do I hide my source code?

33 Comments(s) ↴

Also in #Full-stackDeveloper ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

33 Comments(s) _↴

Also in #Full-stackDeveloper _↴