hwg-basics archives Jan 2003 new search results previous next

RE: Software for Locking/Hiding HTML

by Brian V Bonini <b-bonini(at)cox.net>

 Date:  03 Jan 2003 08:48:57 -0500
 To:  HWG Basics <hwg-basics(at)hwg.org>
 References:  miswebdesign
  todo: View Thread, Original 

This is really nothing new, I've been using PHP and JS to encrypt
sections of pages for years. In my case not to hide source but rather to
hide email addresses from email harvesting software. The downside of
this is obviously that your relying on JS, a client side technology, in
part to render the page correctly. And as someone else pointed out, this
is only effective for the casual user.

> On Sat, 21 Dec 2002, Carol Parent wrote:
> 
> > Hello,
> >
> > I am not sure if I have seen this app on this list so thought I would
> > pass along.  An article came into my mailbox that introduced the ability
> > to 'hide the source code of your pages.'
> >
> > I have never used it so do not know how well it works.  But am passing
> > along the web address if you wish to check it out.
> >
> > http://www.atrise.com/htmlock/
> 
> Oh it works just fine. Hit on http://www.atrise.com/htmlock/lockedsrc.html
> and you get a 'copy' of yahoo.com that cannot 'view source.'
> 
> Buuut it uses an XOR encryption which with modern CPU speeds oughn't be
> too tough to brute force decrypt. Encrypted does not mean protected.
> 
> --->> Buuuuuuut.... and this is the kicker. :) The source code for various
> browsers is available. I *THINK* a coder could modify the JS engine to
> output a separate file that is the HTML it renders. Remember, the client
> cannot 'render encrypted HTML,' only HTML. I -think- this idea is true,
> I'd appreciate it if a real coder could confirm/deny this. But if not
> doable brute force works anyway.
> 
> There're a few articles available via groups.google 'atrise htmlock'
> regarding the topic. Someone posted an encrypted page with a reply from
> someone who said he decrypted it.
> 
> Other details...
> 
> Buuuut it *requires* JS to simply *VIEW* the page! This means that the
> casual user who has no interest in seeing the source can't see the page at
> all with JS disabled.
> 
> Buut it increases page size 50%-100% (so says their info.)
> 
> Short answer: a cute party trick with little or no value. Like any lock,
> it protects only from casual thieves; there is *NO* protection anywhere on
> the net, or the earth for that matter, from a One True Hacker [tm jb].
> 
> Have a :) day!
> 
> jb
> 
> --
> jim barchuk
> jb(at)jbarchuk.com
>

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA