homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

Untrustworthy client
how to protect source code from theft from the client.

 7:45 pm on May 3, 2004 (gmt 0)

I have a client that does not have the best reputation for being honest. Because of this I got 40% of my payment up front and the next 40% comes when the page is ready for final editing. The site will have 1 other editing time frame and I am concerned the client will use a website crawler to download the entire site when it is 80% to 90% complete and then never talk to me again.

I was planning on giving him a 48 hour window to view and edit the site through a password protected directory. If he is literate enough to use a web crawler he can download this site in a few minutes.

Is there any way to protect this site until final payment is received, or do I cross my fingers and hope?




 7:51 pm on May 3, 2004 (gmt 0)

Do you have a signed, written contract? That's your best protection.

(edited for spelling)


 8:20 pm on May 3, 2004 (gmt 0)

Yes, but the court costs would be more than the website.



 8:54 pm on May 3, 2004 (gmt 0)

You could always use escrow services or have the client post a bond.


 9:04 pm on May 3, 2004 (gmt 0)

I was trying to do this with technology. I don't want the client to know I don't trust him.


<edited for spelling>


 5:11 pm on May 4, 2004 (gmt 0)

I don't know how many pages you're talking about so this may be an unrealistic idea. But, what if you either showed him printed or PDF copies.

Maybe bring him into the office for a showing. Of course, if y'all aren't in the same area this doesn't work.

Or, maybe ask him what browser he uses and block anything else. I know some spiders show up as browsers, but it might work.

Try REALLY low resolution pictures. Probably not a great solution.

- Ryan


 5:38 pm on May 4, 2004 (gmt 0)

I've seen a javascript before that could obfuscate html. What it did was encode all the html in unreadable mass of garbage and then used document.write to write it on the screen while decoding it.

That would work for sure unless your client is a good programmer to figure out the algo of that javascript.

I do not remember the name, just search around, I am sure you can find it.


 7:36 pm on May 4, 2004 (gmt 0)

Put COPYRIGHT on all pages and print out these pages with the date on it. This way, if the client attempts to run your code AFTER this date, you're covered. (also print out the code pages as well). Place these pages in an envelope and take to the post office to hand stamp. Have them stamp this OVER the sealed edge.

Keep this envelope in a safe place, and if it ever comes to court, simply hand the envelope to the judge and let him open it up. Case Closed!

Also, if you use the above-mentioned javascript code-obfuscator, you can also use this for images, but you can add a layer to the pages, with a full, blank transparent spacer image. If he tries to 'right click' to steal it, all he'll get is the transparent image.

sample code:
<div id="valuable_image" style="position:absolute; width:200px; height:189px;
z-index:1; background-color: #FFFFFF; visibility: visible; top: 37px; left: 27px; ">
<img src="/images/symbol1.gif"
width="197" height="195">

<div id="guard_dog" style="position:absolute; width:200px; height:189px;
z-index:1; border: 1px none #000000; visibility: visible; top: 37px; left: 27px;">
<img src="/images/transparent_fake.gif" width="197" height="195" >

Good luck!

Patrick Elward


 8:06 pm on May 4, 2004 (gmt 0)

Keep this envelope in a safe place, and if it ever comes to court, simply hand the envelope to the judge and let him open it up. Case Closed!

crashomon, this is called "poor man's copyright" and it's one of the biggest myths ever about copyright.

Do a web search on "sealed envelope copyright myth" and read through some of the resources.


 8:12 pm on May 4, 2004 (gmt 0)

HI pkropp

If you want a tech solution that doesn't up front shows him that you dont trust him you could set up a couple of spider traps on the site (and dont mention the traps in robot.txt)

This way if he tries to spider the site and download it he will be locked out and will come to you. But he can surfe the site normally.

tho spider trap can be found by doing a search on Webmasterworld for "PHP spider trap"

Kind Regards


 8:20 pm on May 4, 2004 (gmt 0)

ouch! Pleeker is right! I learned about the 'poor man's copyright' trick from a friend a million years ago and have kept it in my head as a 'good to know.'

Oh well, thanks for the heads up. Disregard my previous post on this matter.



 4:09 pm on May 5, 2004 (gmt 0)

The spider trap is here [webmasterworld.com] , it works for that purpose exactly as stated, it's very funny when somebody tries to download your site and they get that beautiful 403 screen after the first page. I added a form to the 403 page so they can email you to get unblocked, that also sends the ip address they are at to you in the email. Important is to place a link on every page of the site that leads into the spider trap.

I had a client I didn't fully trust and simply showed him the completed website on my laptop then went with him to the bank for cash payment. He ended up being my best and most long lasting client.


 6:31 pm on May 5, 2004 (gmt 0)

This spider trap will catch offline viewers and the like keep them from downloading the page?

This seems like a reasonable solution. Thanks to everyone who has given recommendations.



 10:31 pm on May 6, 2004 (gmt 0)

The spider trap will block anyone who tries downloading your entire site, but it won't keep them from downloading a single page with all the relevant files. If you don't put the spider trap page in the robots.txt file, and if you put the link to the spider trap fairly high up on the page, before any other links, a downloader will get only the page they are on, after that it's a 403 unauthorized access page.

If you are in the same area as your client, I would go to him and show him the site on a laptop, that's the safest, and doesn't have to seem like you don't trust him, it's just a regular business meeting. Then when he pays you, and the check clears, you can put the site up.


 10:39 pm on May 6, 2004 (gmt 0)

Here is a mean trick ;)

Create a Snap shot of every page and link it with each other like a slide show.

Create a webpage make a link to the slide show and make sure that it opens in a new window, and allow only IE.

Also, make sure that the link on the main page is encrypted and the new links that opens up, does not have scroll bar, address bar and right click ability, and to top that, make sure that the sourcecode/image-code is also encrypted.

Also, it always helps to change the size of the site snapshot into a smaller size so even though it will get the point across, and will try to protect you if the end users were to screen capture the page and try to cut images.

Next you can also, Add *YOUR* name or logo where the logo should appear on the site and in addition to that, watermark the best images/graphics on the site.

Anyone with even 5% common sense, should be able to see a site would look even when modified as above, so I assume your client should not have any problem.

Hope this helps.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved