Site Shielding Script

[battman323]

OK i saw this script called site shield that claims to be able to block anybody from viewing your source code, or downloading your page to see it offline. I loaded the php script to my root directory and added the script code to a page I wanted to block, but then when I access the page I get a window that pops up asking if I want to let IE access the clipboard, and it won't go away. Just keeps popping up.

Does that script actually work? Or is there another way to do what that script does?

 

[wdmny]

Why won't this idea that's been around for years die? First off, there is basically no value to your HTML. Second, this is impossible. No matter what the solution offered, it's pretty basic to copy what you have, whether it be text or graphics.

Some of the solutions use Javascript to encode your page. Problem here:
1. You've effectively killed search traffic because all the spider sees is a bunch of garbage.
2. People without Javascript on can't see anything
3. I can still copy/paste your actual page in my browser and paste it into a WYSIWYG editor and have same text/images/design.

 

[barman]

exactly wdmny. This may have been cool in 1999 to disable your right-click button, but now its just dump. Not only is it annoying to users, in addition to slowing down your site, but you're sure to fuck your indexing up as well. If you're worried about someone stealing your content that bad, password protect it. Getting you content jacked is just a casualty of war.

 

[battman323]

I'm not talking about disabling the right click. That's easy and just like you said, somebody can just save your HTML file and look at it in an editor.

This script is supposed to stop that from happening. Am I misunderstood or misunderstanding? It's not possible to block people from seeing your HTML code?

The reason why is that I know there's no value to my HTML. I'm not trying to protect "intellectual property" I'm trying to stop specific people from seeing what happens on the page. I don't care if the search engines can't see it, that's not how I drive traffic anyway I've got something better.

I don't care if people want my text or graphics, I just don't want some people to see some of the scripts I'm running on the page.

 

[sleepylee]

Client-side scripts can be seen by anyone - by definition (otherwise how would your browser interpret them?) - server-side scripts should (unless your server is configured incorrectly) never be seen by anyone.

 

[ashbeats]

And if you are worried about the client-side scripts, (jscript,vbscript) on your
page, move it to a external file and encode/encrypt that alone. Leave the html alone. Less pain for you and your users and of course the bots.

- btw, how sensitive can a piece of client-side code be? If it's that hush-hush, then convert it to run server-side.

 

[wdmny]

You were not clear on what exactly you were trying to protect, but my original comments still stand. You can obfuscate your javascript, but it will only be mildly effective and will only slow down your scripts.

As ashbeats said, if you want something protected, keep it on the server side. Anything client side is fair game to whoever is determined to get it.

 

[wesley]

No you cannot stop people from viewing your HTML.. Even if you could do that (in modern browsers) one can just use wget or the lynx text browser to view your site source easily.. If no one could see your HTML, google wouldn't be able to index your site.

And you can't protect javascript either.. There needs to be a decode function and if you just change the decode method to document.write you've got all the source right there.

I've seen some people use the referring url or what not to give you a blank page if you access the javascript URL by typing it in your address bar but it can still be seen by using a logger or what not.. So it's moot.