Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: open
In case the moderator pulls the url - I have cut and paste the webpage here:
$allow_script = true;
Body goes here...
$allow_script = false;
Try opening script.php in your browser window and you'll notice you can't view the code!
Can u elaborate please mate. Don't quite understand.
"Obviously, there is some way around it, because the browser has to read it."
I understand that there must be some way around. But would be good if peeps could take through ways to get around it. Such that I could even act to take further steps to block off these ways around.
I understand this is not a final solution - more one of slowing down curious visitors (and hoping they give up) than stopping.
I know that it must theoretically be possible to get around - but how many people would know how to get around. That is the Q.
You could state on your website that they clear their temp folder after each visit to your site - but something tells me this wouldn't work ;-)
To be honest rhodopsin I am quite sure there is nothing much you can do except accept it.
The PHP session one is a new one for me.
I added the "?" because I'm assuming that the script file (.php notwithstanding) is cached - but I haven't actually tried the approach myself.
This could probably be worked around by instructing the server to send a "no cache" header. (this might be ignored).
Suffice to say that there is no 100% way of protecting anything, but there are ways of making it a little tricky. The question is then "who are you hiding it from?". If your script is so whoopee-doo that it needs to be "protected". Then anyone who was put off by the limited defenses available would probably be lacking in the skills needed to make use of the script anyway.
Practicalities aside, it's an interesting contribution.
Currently looking at setting up no cache headers.
Another thing that i am doing to test how good this method is of hiding code - look at this url. Quite interesting. Seeing how it holds up to these tests:
Can anyone think of a way to beat this method of hiding? I am going to use
header("Cache-Control: no-store, no-cache");
to beat the temporary internet file factor - this code stops the browser from caching the php page.
If you can locate the url, just type it into a browser - the browser will display it or prompt you to save it as a file.
If someone wants your code they'll get it - end of story.
About the hex business - that seems very interesting. Would be really greatful if you could point me to more info on this.
This would also encrypt the html content. Or else you can call the code from a .js file and then encrypt only the .js file.
I hoped this help you.
the guy set a challange to crack his code. It took 8 days for someone to do it. Pretty good going. Of course - it was ultimately cracked. Uncrackable is not possible - but it is nice to make them work hard for it.
Haven't checked this out yet. Will write more when looked at it.
Some of the hiding mechanisms in the challenge are just dead ends for people who think they've made it when they, for instance, unscramble the encoded script to find they've been tricked into wasting their time.