In fact this is a perfect example. I'm in Gmail now and in the sidebar is an
add for a site called HTML-Protector dot com (not linking to them to avoid
giving them any Google ranking help). This site claims that it will totally
protect your web site, including making it impossible to get any of the
images, making it impossible to get a screenshot, and making it impossible
to decipher the HTML.
Total BS.
In 1 minute I was able to:
take a screenshot of the page
grab an image
look at the raw HTML (here's a sample)
<tr>
<td style="padding-left: 40px; padding-right: 40px;"
class="text12">
<p align="justify"><font color="#333333"><b><u>
<font style="font-size: 11pt;">You absolutely
CANNOT</font></u><font style="font-size: 11pt;">:</font></b><font
style="font-size: 11pt;"><br/>
</font>
<br/>
</font><b><img width="12" height="12" border="0"
align="absmiddle" src="images/bullet.gif"/> </b>
<font color="#333333">View this page WITHOUT entering the "test"
password<br/>
<br/>
</font><b><img width="12" height="12" border="0"
align="absmiddle" src="images/bullet.gif"/> </b>
<font color="#333333">Make ANY sense out of the HTML -- just try
clicking View > Source!<br/>
<br/>
</font><b><img width="12" height="12" border="0"
align="absmiddle" src="images/bullet.gif"/> </b>
<font color="#333333">View this page OFFLINE, or anywhere other
than<br/>
<a href="http://www.html-protector.com/encrypt/sample.htm";>
www.html-protector.com/encrypt/sample.htm</a><br/>
<br/>
</font><b><img width="12" height="12" border="0"
align="absmiddle" src="images/bullet.gif"/> </b>
<font color="#333333">Right-click ANYWHERE on this page, nor
highlight text<br/>
<br/>
</font><b><img width="12" height="12" border="0"
align="absmiddle" src="images/bullet.gif"/>
<font color="#333333"><span style="font-weight:
400;">PRINT</span></font></b><font color="#333333">
this page - or even take a screenshot! (Certain Mozilla-based
browsers may override this)<br/>
<br/>
</font><b><img width="12" height="12" border="0"
align="absmiddle" src="images/bullet.gif"/>
</b>Retrieve this page from your cache... It expires
IMMEDIATELY!</p><p align="justify"><font color="#333333">
In other words, they're completely lying. They made it harder to do than a
non-obfuscated page, but it still only took about a minute to get around it.
On 10/19/07, Brian Kotek <[EMAIL PROTECTED]> wrote:
>
> You're missing the point I think. You aren't going to be able to stop
> people from looking at the source code for anything that the browser renders
> or processes (and that includes JavaScript). The browser has to be able to
> run it, and if the browser can run it, the user can look at it. There is no
> way around this.
>
> On 10/19/07, Richard White <[EMAIL PROTECTED]> wrote:
> >
> > Hi thanks for all your replies. Ok so the html is not possible but was
> > interested in the fact that JS could be encrypted as we have noticed that CF
> > code does not show but the JS along with comments does.
> >
> > we will look into JS encryption
> >
> > thanks
> >
> >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Download the latest ColdFusion 8 utilities including Report Builder,
plug-ins for Eclipse and Dreamweaver updates.
http;//www.adobe.com/cfusion/entitlement/index.cfm?e=labs%5adobecf8%5Fbeta
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:291604
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
