Hi! On Thu, Oct 25, 2001 at 08:48:12AM +0200, Lukas Zapletal wrote: > I have a really big problem now. We are going to install our first > application but we need to hide the sourcecode.
I guess, you think of the HTML code. EmbPerl code (like hardcoded DB passwords or something like that) should be easily protected by Unix (or maybe als NT) file access restrictions against local users, because EmbPerl is a server-side scripting language and the executed EmbPerl code isn't included the returned web page at all. There are just the results viewable in the browser. > User should be not allowed to get the source. Is there any way to do it? In case of HTML code: No. So, you probably *really* have a big problem. But, if your users aren't smart enough (I wouldn't rely on such a statement :-), there are few possibilities: a) Use JavaScript to load the code into the page and make the JavaScript-Code quite obscure (think of JAPHs, see http://www.perl.com/CPAN/misc/japh), so that the URLs, you're fetching aren't very easy to guess. That of course doesn't work without the security holes abounding JavaScript. b) Scramble your HTML code by replacing every alphanumeric (works with every browser, I know) and maybe even more characters by it's numercial HTML entity, e.g. like the scrambled GPL (serving as scrambling demo) at http://fsinfo.cs.uni-sb.de/~abe/download/COPYING.scrambled.html.gz. But this blows up files approximately five times of the original size. That's why the demo mentioned above is gzipped. Source code for a perl script doing this is at http://fsinfo.cs.uni-sb.de/~abe/download/scramblehtml/scramblehtml.pl I use this kind of scrambling mainly to hide email-addresses from simple or dumb web crawlers collecting email-addresses for spammers. And it really make you a headache, reading more than one line of such code manually :-) Of course, with a similar program you also can easily decode the scrambling. But that just will people do, which are really interested in the code, because it's a little bit of work. (Ok, work means here a PERL one-liner. :-) c) Some people try to disable downloading pictures or anything else available in the (right-click) context menu by disabling this menu via JavaScript. But of course this only works on very dumb users. And it's of course necessary, that they haven't switched of JavaScript. But beware: Everything, a web browser can access and display, smart people can access and decode, too. So there is no way to *really* hide code, which is displayed in a webbrowser. P.S.: I wouldn't rely on these methods anyway. Regards, Axel -- $$=42;$_=qq 93233313242132627322017304228173024422013152317309;while(!!$_){$:= $|++;s$[1-4][0-8]$$e;$==$&;$\=pack c,$;=$|.$:;$=+=$=!=$$?$$:-$=-$;;$,=$=+$$;$@ .=pack c,$!!=$$-$;?!!$!!=$:?$=+$$:$,-$$:$,^$|<<chr$;+$|+$$;$!=$,;$|=$:}print$@ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
