homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

My boss wants me to hide the source code completely
I've seen it before. people disable the right click & Notepad will not open

 1:43 pm on Aug 5, 2009 (gmt 0)

Any idea's on this. You can't say it does not exist because it does.

Is it HTACCESS or something else. but i've seen it.(sadly no examples)
without using flash ofcourse.



 2:00 pm on Aug 5, 2009 (gmt 0)

You can't say it does not exist because it does.

I can, because it doesn't. To render a HTML page, the browser downloads the source code and interprets it. The rest is just obfuscation (hiding or making it slightly harder to view the source). Notepad is used by IE, Firefox uses its own viewer. If you disable right-click, you can go to the menu, or disable Javascript.


 1:53 pm on Aug 5, 2009 (gmt 0)

You can't hide HTML completely. You can make it harder to see but that's about it. A browser has to be able to get at the HTML to read it and if a browser can get to it, so can a person.

Disabling right click is kid stuff and only pisses people off. I don't need right click to get at your code. There are half a dozen other ways to do it.


 2:07 pm on Aug 5, 2009 (gmt 0)

There was a trick, though I'm not sure if it still works, that pretty much did "hide" it completely: gzip-compressed content with nocaching-headers. Back when we used it, neither firefox nor iex would show the source code, unless you'd manually reload the page, but just requesting it and hitting "view source" would either result in an empty window or not opening the viewer at all.
still, it's only a hack that uses some bug, in general, encyclo is right: it does not work and if you've seen it, it was probably just a clever trick to fool you.


 2:10 pm on Aug 5, 2009 (gmt 0)

You can't say it does not exist because it does

It does not exist because it simply doesn't exist.

For HTML to display in a browser I can view it no matter what.

However, you could do the site in FLASH but then the search engine can't do too much with the site either.

You can actually encode the entire site and decrypt it with Javascript on the fly in the browser, but then again, the search engine can't do anything with it whatsoever and a programmer such as myself can still get to your source code in a matter of minutes (or seconds).

The only way to truly hide source code is to put it on a CD and put it in your desk drawer and never expose it to the web. ;)


 2:10 pm on Aug 5, 2009 (gmt 0)

There is one that really works: do not publish the website.

As soon as you give it to a browser for rendering, you've lost beforehand.


 2:34 pm on Aug 5, 2009 (gmt 0)

Anyone who knows how to use a traffic analyzer(packet sniffer) will be able to see your code. So any tricks you use will make life more difficult but ultimately you can't protect what you put public.

You need to clarify to your boss that you can obscure the path to code access but anyone who wants it bad enough will be able to gain access.


 2:43 pm on Aug 5, 2009 (gmt 0)

What's so great about this code that it's worth hiding?

If there are well-written client-side functions that could be stolen, you could always make them server-side and have them "hidden" that way.


 4:44 pm on Aug 5, 2009 (gmt 0)

but i've seen it.

Are you talking about

(visualize the dots as plain carriage returns)

I've seen sites where there are like, 300 lines of carriage returns at the top. Not really hiding, but close enough to fool most people.

Another method: create a frameset with a single frame, nest the pages inside the frame. This is bad for SEO, but again, it fools many people.

Another is to remove all white space from code, making it difficult to rip. Not hiding it though.

It's simple logic: a browser needs source code to render, if it reaches the browser, it can be seen.


 9:19 pm on Aug 5, 2009 (gmt 0)

Don't waste any more time on useless gimmicks like this. :)


 11:01 pm on Aug 5, 2009 (gmt 0)

If a visitor is clever enough to use anything from the Source Code, they are almost certainly clever enough to overcome any trickery used to hide it.


 12:04 am on Aug 10, 2009 (gmt 0)

I can, because it doesn't.

I've never not been able to run down source code prettu easily.

incediBILL makes a good point with Flash, though there are Flash crackers available. You can tell the boss the source is hidden completely, but it is accessible to anyone that really wants it. The Flash route has its own issues, and I don't really need the source. If I can see the page I can hand-code a pretty close copy pretty readily. I only use CMS for massive search and replace and stuff like that. Hand-coding and testing new designs/templates is sweet; external CSS for screen and print, PHP includes for various blocks that will be repeated in various areas of the site.....

The 'average' ripper for something like this is as likely after the design as the content. Don't fret on that. Ripping your text is as fast and easy as the source. Nothing that you design is worth a lot of hassle to 'protect'. Swap in new background-images, border-style: border-color:, a little of this and that, and, using your source code, I can, with minimal editing, have a site that you would not even recognize as your design.

Same point on JS. It works. You can do it, but it also pretty easily defeated.

The boss is doesn't know what he is talking about and it is your job to look him in the eye and say so. If not you, then who? It is pointless extra work that will do more harm than good.

What you may have that IS worth protecting, and is worth some extra investment are text and images. Hiding the source is a waste of time. Monitoring for copyright infringement is an entirely separate issue.

This is where we put our extra resources. We used to be 'nice' and go with heavy handed C&Ds. No more. These days - straight to heavy handed documentation of theft and DMCA with Google. Like the C&Ds, DMCAs with hosts were effective at fast action- but there tend to be no consequences. Our last rip, she (a thief) gave such a grief about our 'heavy handed tactics', that we have had some extensive discussions with our lawyer about 'making a deal' on the next infringement. A contingency based suit. We cede all monies the attorney selected is able to collect in exchange for a suit that results in the enforcement of our copyrighted images or text. The infringer can settle quick and cheaper, or slow and expensive. Won't much matter to us or the attorney. Am truly looking forward to our first case. When we get ripped, it tends to be extensive and the documentation is slam dunk.


 1:41 pm on Aug 10, 2009 (gmt 0)

Well. Thanks for all the replys. The good news is I found a site that hides it.

<snip> Can't view source unless you do a [validator.w3.org...] with the show source option checked. It exist.

[edited by: engine at 2:51 pm (utc) on Aug. 10, 2009]
[edit reason] No specific sites, thanks, see WebmasterWorld TOS [/edit]


 2:02 pm on Aug 10, 2009 (gmt 0)

I just PM'd you that hidden source code.

It took me all of 2 seconds to grab it.


 2:59 pm on Aug 10, 2009 (gmt 0)

Well you got the source. I could get it to .. But on IE8 & 7 the source is officially hidden (unless you use the validator or some other way.)


 3:10 pm on Aug 10, 2009 (gmt 0)

>But on IE8 & 7 the source is officially hidden

Sorry, but no, it's not. I got to it easily with IE8.


 3:28 pm on Aug 10, 2009 (gmt 0)

This is all moot.

With any command line tool like wget or curl I have that source in a blink of an eyelid.

Real hackers and scrapers do not use browsers to scrape your code, never did.


 4:30 pm on Aug 10, 2009 (gmt 0)

The good news is I found a site that hides it.

Did you read ANY of the previous posts? You can't hide your source code.

Once again I ask what is so important about your code that it would need to be hidden in the first place?


 10:59 pm on Aug 10, 2009 (gmt 0)

Can't view source unless ...

In other words: you CAN view the source code.

And there is not one unless like you already found there are thousands of ways to get to it, it's not hidden at all but to the most junior of juniors out there, and even then it'll take them minutes to beat it anyway.

So bottom line it not only does not exist, it even CANNOT exist.


 7:37 pm on Aug 12, 2009 (gmt 0)

Ok, I give up. Id like to know but I guess your right about that 'hidding the source means nothing because the bad people will find it anyway' comment.


 8:12 pm on Aug 12, 2009 (gmt 0)

The bigger issue is your job description and relationship to the "boss". I wouldn't let him see this thread if overselling your skill level. This is Class 101 stuff.

It's not necessarily about "bad people" anyway. The 'open source' concept allows everyone to develop technology and applications much further and faster by not 'keeping secrets' or going 'proprietary'. There ARE differing views (and degrees of same) as to what to leave 'open' and what to 'protect'. I share some belief in both for varying reasons.

Members will tell you some tricks, but not others. Everyone draws their own line. Especially in these fora. They may help you a little, for which you will be grateful and benefit - but not help you as much as they could; holding back a few nuggets of info. A lot of that depends on the specific forum.

You can't hide your source, but the more skills you have, the more advantage you have. Do you use includes for logo, header, navigation, footer, contact information..... The rendered code will show up in the source as just more lines of HTML - but what is not seen is the thirty seconds that it takes to put a new logo on 200 pages. Learning how to do that takes more work, and viewing your source gives up a lot less 'secrets' than you think. Like a shopping cart. No problem to rip the code for on-page presentation. It takes actual work to learn how to configure carts to do what you want and make it work.

Don't worry about anybody else. Just do the work. Build. Improve. Upgrade. Streamline behind the scenes. It should never end.


 8:51 pm on Aug 12, 2009 (gmt 0)

the source is officially hidden

Not likely.

I'm curious what they used to fool you into thinking it was hidden.

[edited by: engine at 9:39 am (utc) on Aug. 15, 2009]

JAB Creations

 1:04 am on Aug 17, 2009 (gmt 0)

At best you could try to AJAX the source but I could still CTRL+A and view selected source in Firefox regardless.

All clientside code is sent to the client period. You'll have an easier time making rocks bleed then hiding code clientside code.

The fact that you can view any and all clientside code but no serverside code is a fundamental part of understanding the roles of each of the languages. Don't let it get you down though...however you will want to make sure your boss understands that there is no realistic way to achieve this goal and no amount of time and/or money will come close to achieving that. At best all you can do is reserve your "feature" for premium members thereby restricting access...though those people can still get the code if they want.

I've had a lot of people tell me not to bother doing this or that and I've proven all those people wrong in the past...but this is a goal you're just not going to achieve.

- John

[edited by: tedster at 2:16 am (utc) on Aug. 17, 2009]


 1:36 am on Aug 17, 2009 (gmt 0)

I still wonder what is so special about the code that it needs to be hidden in the first place.


 8:27 am on Aug 17, 2009 (gmt 0)

This comes up regularly on forums aimed at beginners, and I always get flamed by kiddies who believe that "no right click" scripts work when I say that they don't.

The most striking thing is that those who are most eager to hide their code, content or images are those with the least likely to have it stolen.


 3:07 pm on Aug 22, 2009 (gmt 0)

... those who are most eager to hide their code, content or images are those with the least likely to have it stolen...

This is very true. Of all the sites that I have come across using those silly hacks and scripts, there is not one that I would want to "steal" any code from.


 2:23 am on Sep 3, 2009 (gmt 0)

relieve yourself of all the nonsense and just use Flash, however your text will have to be embedded in the .swf file. If you try to embed with XML or .txt it will be ripped one way or another.


 5:25 am on Sep 3, 2009 (gmt 0)

You can't say it does not exist because it does.

Are you talking about not being able to right-click on a site?

If so, this is easily circumvented by going to "view source" from the toolbar of the browser you're using. Not to mention any of the MANY other methods (that have been mentioned) -- browser tools, site downloaders, etc.

Truly, the only way to hide it is to not upload it.


 10:02 am on Sep 3, 2009 (gmt 0)

just use Flash,

most of us here can rip/diss flash ( and reassemble it with alterations ) in the time it takes me to sip my coffee ..mmmmmm :)..if it can be seen in the browser ..it's in the wild ..
Your boss doesnt believe you ? show him this thread .

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved