Jump to content

Is there a way to prevent people from viewing your page source code?


ShayB

Recommended Posts

Run a Full Website Scan in Minutes

Yes and no...wasn't that helpful? 

 

There are ways to obfuscate code, but I wouldn't recommend them and it's kind of pointless to try. Using AJAX, you can hide code from inexperienced users, but you have to understand that for a webpage to render properly in a browser, all of the source code has to be served to the user (the client computer) in a form the browser can understand. That means that the user can see it...

 

What is your friend trying to hide? There shouldn't be anything in the source code that needs to be hidden...

Link to comment
Share on other sites

I had someone ask me this when I pulled up someone else's page source code.

 

Is there a way to prevent someone from being able to see it?

 

No.

 

There's absolutely nothing you can do that will prevent an experienced person from being able to see the code.

 

Basic: You prevent right click with java script: I disable java script, reload the page, click view source.

 

Intermediate: You obfuscate the code: I de-obfuscate it with command lines in various programming languages and operating systems. This might make the code hard to understand but it can be broken down.

 

Advanced: Your company creates a browser plugin that downloads encrypted code, decrypts it, and then feeds the decrypted code to your browser to render it: Somebody not me, because I'm not wasting my time on something like that, will either attach a remote debugger, or inject a custom process into the browser to watch the decrypted code get passed to the parser and that would completely circumvent your encryption. This is exactly how a virus can steal your credit card information that is stored in your browser without you having to type it in. The parasite process intercepts the decrypted private information after the browser decrypts it into plain text, which occurs immediately before it transmits that data through SSL, where it's encrypted prior to transmission. Which is alarming easy for the virus to accomplish, since it's injected into the browser, it can utilize it's internal functionality to it's advantage.

 

And the code to do that is out there, so no, it's 100% impossible to completely hide your page's code.

Link to comment
Share on other sites

LOL Thanks, guys.

 

I don't know why, but the fact I could pull up the source code and tell him the site was WP, theme used, plugins, etc., just seemed to freak him out for some reason. :D

 

He doesn't even have a site yet. And it's going to be for a graphics company, not some covert site. :rolleyes:

 

I'd just never had the question before, so I was curious. :D

Link to comment
Share on other sites

LOL Thanks, guys.

 

I don't know why, but the fact I could pull up the source code and tell him the site was WP, theme used, plugins, etc., just seemed to freak him out for some reason. :D

 

He doesn't even have a site yet. And it's going to be for a graphics company, not some covert site. :rolleyes:

 

I'd just never had the question before, so I was curious. :D

 

 

Most "Non-Techies" don't really understand the relationship between the server and the client computer - all the security and stuff you don't want anyone to see happens on the server. What ends up in the browser is the final webpage and the underlying "Source Code" isn't giving away any secrets. 

 

Even huge companies like Google and Facebook still server up HTML "Source Code" to our browsers (although they do a better job of obfuscation than most) - show him the code from a FB page and he'll understand :)

Link to comment
Share on other sites

I had someone ask me this when I pulled up someone else's page source code.

 

Is there a way to prevent someone from being able to see it?

 

 

No, not for HTML.

 

I don't even have to use a browser to view HTML, just download via vb.net.

Link to comment
Share on other sites

No, not for HTML.

 

I don't even have to use a browser to view HTML, just download via vb.net.

 

or in any linux based OS

wget "http://www.website.com" -O webpage.txt 
https://www.gnu.org/software/wget/manual/wget.html

You can even recursively download entire websites, extremely useful for quickly converting a wp site to static pages.

https://msankhala.wordpress.com/2013/10/16/grab-static-website-with-linux-command/

Edit: Moved to Private Section.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.