Preventint Source WITH A SERVER SIDE LANGUAGE

[l3vi]

How could I prevent my source code from being viewed by using Server Side languages? And if I were to attempt protecting it using a server side lanugage, what language would it be in????? Thanks 4 n e hlp!!!

[raf]

don't think this is possible. server sided programming will send html source-code to the browser. I solved this by working inside a window without bars and by disabeling the right mousbutton.

this is an example of an app i'm working on where i implemented that

http://24.226.62.28/rbulteri/mainsit...ingGranIT.html

[Roy Sinclair]

You need to understand that the browser MUST have source in order to display a page to the user, readable source and only readable source is what the browser uses. No matter what steps you take to make it difficult for a user to see that code the bottom line is that the source must be available to the browser somehow and thus the source is also going to be available to you users.

The key is simply not putting anything into the source that could be used to compromise your site and trust absolutely nothing that comes from the web. That's where server side code comes in, use code on the server to validate all the data you receive from a user and to prevent the user from seeing any passwords or other sensitive information. The server side code can generate the "source" that's passed to the user's browser.

Also make sure your web server is set up so the user must execute the server side code, leave no door open for the user to download the code regardless of whether it's a script (PHP,PERL, ASP....) or a compiled program (C++, Pascal...). That's where you want to protect your code.

Of course if what you're wanting to protect is some nifty javascript then just forget it entirely, you're wasting your time trying to protect something that's gotta be public in order to be useful.

[raf]

Roy Sinclair is right. It probably will always be readable and validation etc should be done serversided.
I implemented the fullscreen and right mousbutton stuff because this app requires that the client respects the build in screenflow
There's nothing mysterious in the source (except for some hidden (form)fields that contain data the user inserted in previous forms). It's sole purpose is to prevent the user from knowing the filename's and accessing them from the adress bar. This woudn't dammige my app (each action is checked and validated serversided before it gets executed), but would lead to errormessages and confusion/frustration with the client.

If you're trying to hide some big secrets, you'll probaly need to compile the sources and run whatever you're trying to hide as an applet or so.

[oracleguy]

I think there is a big misconception with "using server-side code" to hide your source. It just seems that "newer" coders think that hides it. But Roy and Raf explained it clearly.

[l3vi]

okay. Thanx 4 the hlp. I heard sumwhere that it does. In the javascript or Html forum about protecting source...