GoFuckYourself.com - Adult Webmaster Forum - View Single Post

gambino · 09-21-2005, 05:53 PM

The definite answer is: there is no 100% safe method for encrypting or hiding your javascript or html code.
Why? These are scripting and markup languages which means that for any browser to understand, display and/or run them it MUST have the source, and if there is a way for the browser to get it, there sure is a way for a (experienced) user to get it!

However, this doesn't mean that you can't make code-stealing (much) more difficult:
1) You can use javascript to disable the right mouse button (easily disabled in some browsers)
2) You can use the .htaccess file to limit the referer (again, some browsers can fake the referer variable, or a simple php script will do the trick of fooling the server that the allowed referer was used)
3) You can encrypt your script using a javascript function, add the encrypted script along with a decryption function to your html, but have that function written 'escaped' and than just "eval(unescape(name_of_your_decrypting_function)); " -- If you want to see how this works look at the source of http://www.protware.com/e_demo.htm (Personally, I find this solution to take most time to 'break' especially is customized encryption script is used, but again a not so complex js will "decrypt" this in a snap)
...) can't think of any more right now

Using 1+2+3+... obviously is the best solution if you're willing to spend that much time on hiding the code. Besides, if you bought that code, there is probably hundreds of other sites where someone can find that code -- this is actually something the maker/owner of the code should worry about.

Regards

09-21-2005, 05:53 PM
gambino Confirmed User Industry Role: Join Date: Sep 2005 Posts: 2,326	The definite answer is: there is no 100% safe method for encrypting or hiding your javascript or html code. Why? These are scripting and markup languages which means that for any browser to understand, display and/or run them it MUST have the source, and if there is a way for the browser to get it, there sure is a way for a (experienced) user to get it! However, this doesn't mean that you can't make code-stealing (much) more difficult: 1) You can use javascript to disable the right mouse button (easily disabled in some browsers) 2) You can use the .htaccess file to limit the referer (again, some browsers can fake the referer variable, or a simple php script will do the trick of fooling the server that the allowed referer was used) 3) You can encrypt your script using a javascript function, add the encrypted script along with a decryption function to your html, but have that function written 'escaped' and than just "eval(unescape(name_of_your_decrypting_function)); " -- If you want to see how this works look at the source of http://www.protware.com/e_demo.htm (Personally, I find this solution to take most time to 'break' especially is customized encryption script is used, but again a not so complex js will "decrypt" this in a snap) ...) can't think of any more right now Using 1+2+3+... obviously is the best solution if you're willing to spend that much time on hiding the code. Besides, if you bought that code, there is probably hundreds of other sites where someone can find that code -- this is actually something the maker/owner of the code should worry about. Regards