We've had this discussion a million times already. A good ol' site search [webmasterworld.com] will give you the same answer over and over again: If you don't want the source to be viewed, don't publish it on the Internet. You can't do anything to hide/secure/protect it.

'La propriété c'est le vol'.
Proudhon

;)
birdbrain

Ok, if I can't hide it, if I encrypt it using an HTML encrypting program will anyone be able to unencrypt the code?

J4T

A lot of effort for not much gain.

there are free programs that will encode html then the browser reads this and converts it back to html. only thing is though i think it renders the page unspiderable. not sure about that ive never actually used it. I will sticky you an address.

Why would you want to hide your markup in the first place? It's already impossible to protect your content (cut & past + drag & drop which you can't do much about), so why do something that is only going to cause fustration on the part of your visiters, especally those who have JS turned off?

just by looking at the layout of a site a half decent web designer could reproduce the site almost the same anyway. I think the main reason that people do it is to minimize theft from the average user. but in doing so it just annpys everyon else who just wants to use their browser as it was intended.

on the other hand you could make a page that is totally SE unfriendly and full of errors, that way they will look at the code and forget about copying it, lol

on the other hand you could make a page that is totally SE unfriendly and full of errors, that way they will look at the code and forget about copying it, lol

I think i have seen a few sites out there like that!
lol!

Mac

To me, trying to "protect" markup is largely then an exercise in egotism and misplaced selfishness. Really, what is the point? The web is an open-source environment. Any attempts to apply a closed-source methodology in an open-source environment is doomed to failure.

Ok, if I can't hide it, if I encrypt it using an HTML encrypting program will anyone be able to unencrypt the code?

You don't have to. Just open the file in your browser and save the page -- voila! The browser has decrypted it for you!

It's just one of those things you can't do anything about!
Unless you print the page on paper, burn the paper, and store the ashes in a vault...

I should save this post on my desktop so I can just reuse it every time this comes up.

Reasons to hide your code

1. "My HTML is great, I put a lot of time into it and it will be stolen by the teeming masses that can't do this themselves."
In other words, you have you discovered some fantastic new code that has valid XHTML and CSS and does something so novel and amazing that nobody else could duplicate it just by looking at your page and without having access to your code? I don't think so.

2. "My competitor is stealing my code every time I do an update and making his site look just like mine." This has come up a bunch of times in the copywrite forum. If your competitor is really stupid (which might well be the case in this situation) encryption might actually stop this or make it hard enough that he would resort to other methods. Mostly, though, to really stop this, you will have to keep careful documentation, screenshots, notes, all dated, over a long time and then take the guy to court.

3. "I have sensitive password information on my page." This is a reason to take your page offline immediately and destroy it; it is not a reason to encrypt it.

Tom

You don't have to. Just open the file in your browser and save the page -- voila! The browser has decrypted it for you!

Actually, Doc, it's not quite that simple. There are encryption programs out there that prevent this in the sense that even the saved source code is not human readable. Basically, they run some sort of hash that encrypts the page and then have just enough Javascript code to get the Javascript rolling and decrypting itself. Even this can be made to look encrypted to a neophyte by using, say, Unicode entities throughout for every character.

That then decrypts the page and the browser is happy, but when you save and view the file, it's still a hash of the original. In order to make it less simple, they will use a sequence of hashes so that you can't just try all obvious algorithms to decrypt, but will also have to try combinations. This will in fact be beyond the skill of many people out there.

That said, the point is, what are the chances that I, in my incredible wisdom, have come up with some layout so innovative that it could not be duplicated by some guy with Frontpage and a couple of hours? Of course, his code might be table-heavy and not valid to any known W3C Rec, but would this sort of person care? Not a chance.

If someone is consistently stealing your code, you have to document and take him to court.

I once saw some page that had one of those algorithms that would decode their encoded page. They went through a lot of trouble making it as complicated as possible.

Unfortunately, you still have to output the decoded string. And it's very simple to send that string to an alert window or just post it in the browser. It might fool the average html user, but not a programmer.

Your time would probably be better spent making improvements to your site.

There is only one reason I came up with to encrypt my code.

I have a web based application in ASP. The plain HTML markup is meaningless to encrypt, but the business login, queries, database structure, and other real programing tasks are proprietary and I don't want those stolen.

Now ASP (and php and jsp, etc) is processed server side, translated into HTML and sent to the browser. The user never sees the actual ASP codes.

However, if I want to deliver an "off-line" version of the web application that will run in the browser on the users local machine without connection to the Internet, the user will have access to all my ASP code.

That's not acceptable.

So, I'm investigating methods of encrypting the business logic. The HTML markup is meaningless. People can steal the layout all they want.

But the business logic is priceless.

txbakers,
Have you found anything worthwhile? I found one called crypt html and it said that it would encrypt vbscript. However, vbscript + html it fails miserably. I haven't found anything that would encrypt straight asp files.

Mac

I've come close. I found something called a script "obfuscator" which makes very difficult to crack substitutions against a list.

I did find an IIS emulator which allows me to run ASP pages without having to install the PWS on client machines. But I want to encrypt before I deploy.

I might use the idea of the obfuscator to make my own encryption routine.