I wanted to post a message in the "protecting source codes" thread but unfortunately it is closed. So I'm just gonna post a new thread here..


We'll there are lots of options to view the source code of the page.. so what's left for me to do is to "scramble" them. Scramble them in a sense that the code is easily read by the browser and very hard for humans. I saw a code generator that can scramble your codes but unfortunately I forgot the site. Did anyone came across type of generator? Can you please post the site here?

You can always give this a go, but it is not going to stop me from using:
javascript:unescape((new XMLSerializer()).serializeToString(document).replace(/</g, '&lt;'))
to view the source in correct html

Anyways, this will encrypt the source:
http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

haha wow that lovely...

but is your code really that creative, that out of the ordinary and outstanding that you feel you need to keep it a secret?
1) Someone that wants to steal your content doesn't even need to view the source.
2) Someone that is honestly intent on getting your source is going to just find the decrypter that JustAsking showed.
3) You will be hindering viewing for educational purposes, making SURE that anyone trying to help you with your site leaves in anger, and causing yourself a fair bit of inconvenience at the same time.
4) You'll be increasing load time, as well as the change of errors while your page is loading.
5) Browers w/o javascript or with javascript turned of are going to see nothing.

Just my opinion.... I like open source... that's probably why I use linux :)

-Doug

I think in this day and age it is unlikely that anyone will come up with an unique and original script where they can honestly say that it has never been done before.

And how do you check to see if that code has not been written before when there are literally millions of codes out there on the internet.

For example, I have seen many "Onmouseover Image Change" scripts, some of which have a copywrite on them, yet they have been, and will continue to be written by all newcomers to javascript as part of their learning curve.

There are many similarities between a lot of scripts that I have seen and written so why would anyone want to hide their code.

The only reason to hide or copywrite a javascript is because they THINK it is original.

Naw ......been done before mate

Originally posted by Mr J
been done before

yea so lets no get into another million post debate lol

unforunatly no matter how hard you try, you cant protect source code.
you can only deter a few

Well, my priority for that is when im using the a simple JS Password Encrypter. That's the reason why i need it. =)

What do you need? a way to ask a passwod without the possibility to discover it watching the script? I think that you don't need any source code protection for that

Well, yes. I'm just using the Password Script Encrypter that can be found in DDrive.com. I tried lots of ways to hide the {window.location=username+"_source.html"} but still I got this feeling someone can locate it. Well, the encrypted values can also be copied and decrypt it. Uhm, I'm just resorting to this because the site I'm making is a non-profit one. Oh well..

Yes, I dont like very much that script. You can try with something like this:


a form inputs login & password (i.e. usr:Codding, pw:Forums)

then it opens a new page, checkpwd.htm?CoddingForums (usr+pw)

this page has a simple script like:

<script>
document.write('<script src="../https/'+location.search.substring(1)+'.js"><\/script>'
</script>
<script>
(window.chk)?location.replace(userurl):location.replace('BadPassword.htm')
</script>


and now you only need to create a .js file for every user named with the username+password:

i.e. : CoddingForums.js

with the following code:

chk=true
userurl='thepageofthatuser.htm'

Benefits:
no inverse calculations possible; you know the user & password or there's nothing to do.
No limitation in the number of users. You only need a new .js file for every new one
You still can show a "no valid ID" page
To block an user you only have to delete his .js file (and his page)
The checkpage does'nt appears in history.

So once the user submitted his user and password, a new window will open and search for the "user+pass.js" file and once found a match, the matched *.*js will redirect the user to his URL. Is that it?

That's it. Simple but effective :)

Oh btw, you said a while ago that the checkpage doesn't appear in the history. Thats the "check page" and not the "user page" itself.. So, the page can be opened if there are more than 1 user of the computer by just simply typing the first parts of the URL and there goes the direct link showing up.... *sigh* Can a JS avoid a URL to be stored in the history?

meta tags may do it
*extracted from main page*

<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="no-cache">
<meta http-equiv="Expires" content="-1">
<meta http-equiv="Cache-Control" content="no-cache">


however this isnt 100% effective

humm... I think that this will prevent the browser from storing the page in the cache, but it still will appear in the history... never tried it.
When for the checkpage I said "history", I meant that the Previous/Next buttons of the browser don't register it.

If you need extra security, you will probably have to use PHP, ASP or something like that.

Oh well, I think I'll have to resort to this.. Thanks for the help!