Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
is there anyway to hide page source from being revealed? 1
- Thread starter wvdba
- Start date
-
1
- #2
Yes, don't put it on the internet.
Otherwise No.
The Browser needs access to the source to render the page, so it will download it, and it will be available to the user to see.
What in your source could be so important and secret you don't want anybody to see?
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
Otherwise No.
The Browser needs access to the source to render the page, so it will download it, and it will be available to the user to see.
What in your source could be so important and secret you don't want anybody to see?
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
- Thread starter
- #3
well, if a hacker wants to see the action and method on a page that links to another page, the source reveals that. example:
home_page - a button is clicked on a form and takes you to page2.asp. in this case page2.asp is revealed. how to keep the user from directly going to page2.asp?
home_page - a button is clicked on a form and takes you to page2.asp. in this case page2.asp is revealed. how to keep the user from directly going to page2.asp?
Suggest you re-read vacunita's post
___________________________________________________________
If you want the best response to a question, please check out FAQ222-2244 first.
'If we're supposed to work in Hex, why have we only got A fingers?'
Drive a Steam Roller
Steam Engine Prints
___________________________________________________________
If you want the best response to a question, please check out FAQ222-2244 first.
'If we're supposed to work in Hex, why have we only got A fingers?'
Drive a Steam Roller
Steam Engine Prints
traingamer
Programmer
If you have code on page2.asp that requires users to be logged in, etc., that could prevent them from going directly there.
If page2.asp is just a display page with no checking, there is no way to prevent users from linking, going directly there, etc.
Greg
People demand freedom of speech as a compensation for the freedom of thought which they seldom use. Kierkegaard
If page2.asp is just a display page with no checking, there is no way to prevent users from linking, going directly there, etc.
Greg
People demand freedom of speech as a compensation for the freedom of thought which they seldom use. Kierkegaard
But wouldn't the user see that they are on page2.asp when they actually reached that page? There's no way you could have users on a page they wouldn't know they're on.
___________________________________________________________
[small]Do something about world cancer today: Comprehensive cancer control information at PACT[/small]
___________________________________________________________
[small]Do something about world cancer today: Comprehensive cancer control information at PACT[/small]
faq215-3101
-------------------------------------------------------
Mark,
[URL unfurl="true"]http://aspnetlibrary.com[/url]
[URL unfurl="true"]http://mdssolutions.co.uk[/url] - Delivering professional ASP.NET solutions
[URL unfurl="true"]http://weblogs.asp.net/marksmith[/url]
-------------------------------------------------------
Mark,
[URL unfurl="true"]http://aspnetlibrary.com[/url]
[URL unfurl="true"]http://mdssolutions.co.uk[/url] - Delivering professional ASP.NET solutions
[URL unfurl="true"]http://weblogs.asp.net/marksmith[/url]
Browse the internet for a moment, you'll see everybody even large companies like Microsoft have their code available to see. And If you look at the forms you'll probably see the processing script and method.
I give you Microsoft.com's search bar form:
Code:
<form name="aspnetForm" method="post" action="default.aspx" id="aspnetForm">Even if you could do it, hiding your form from view is not going to prevent a hacker from breaking into your website.
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
Obscurity is not security.
If you hide something you aren't making it secure you are just hiding it. The 2 things are not the same.
Taking your example, if you wish to make sure that a visitor to page2.asp has come from page1.asp then put a check on page2.asp to that effect.
Perhaps write a cookie or store something in a session variable when on page1.asp then check for that on page2.asp.
You should write code that prevents misuse not simply try to hide things. That's akin to stuffing your toys under your bedclothes when your mum asks you to tidy your room.
--
Tek-Tips Forums is Member Supported. Click Here to donate
<honk>*:O)</honk>
Tyres: Mine's a pint of the black stuff.
Mike: You can't drink a pint of Bovril.
If you hide something you aren't making it secure you are just hiding it. The 2 things are not the same.
Taking your example, if you wish to make sure that a visitor to page2.asp has come from page1.asp then put a check on page2.asp to that effect.
Perhaps write a cookie or store something in a session variable when on page1.asp then check for that on page2.asp.
You should write code that prevents misuse not simply try to hide things. That's akin to stuffing your toys under your bedclothes when your mum asks you to tidy your room.
--
Tek-Tips Forums is Member Supported. Click Here to donate
<honk>*:O)</honk>
Tyres: Mine's a pint of the black stuff.
Mike: You can't drink a pint of Bovril.
- Thread starter
- #11
Total newbie here with a question about this. I'm mostly and application programmer trying to broaden my skills so I've been playing with all this Html, CSS, Php, and Zend Framework stuff. Noticed that when I select 'View Source' from my browser (Firefox) when using this Model/View/Controller stuff in Php/Zend that none of the php/zend calls show up in the view of the source stuff.
Would you consider this a way of hiding the 'source code' since the Php/Zend functionality is translated server side? I guess in a real sense the page still has to know what functionality to call on the submit?
thanks for indulging my curiosity.
Ralph
Would you consider this a way of hiding the 'source code' since the Php/Zend functionality is translated server side? I guess in a real sense the page still has to know what functionality to call on the submit?
thanks for indulging my curiosity.
Ralph
Olaf Doschke
Programmer
Hi rkolva!
The View Source item of the browser is only there to show the html source. It can't give you php code, because if it requests the php the webserver is configured to execute that php instead of simply returning it. It would be a matter of misconfiguration of the webserver to see the actual php code. There are other vulnearbilities, eg leaving a default password for the root user in a mysql database, allowing remote connection to the database, leaving phppinfo.php so everybody can see how the server is configured. Leaving setup scripts, installing things like masqldumper in default locations and not securing access to that folder. Most dangerous: executing user input, may it be html,javascript,php,sql or whatever.
Even if you apply some javascript to disable the context menu of the browser it's just a matter of some VBA code to OLE automate the browser and get at the html source code.
The security needs to be on the server side.
Bye, Olaf.
The View Source item of the browser is only there to show the html source. It can't give you php code, because if it requests the php the webserver is configured to execute that php instead of simply returning it. It would be a matter of misconfiguration of the webserver to see the actual php code. There are other vulnearbilities, eg leaving a default password for the root user in a mysql database, allowing remote connection to the database, leaving phppinfo.php so everybody can see how the server is configured. Leaving setup scripts, installing things like masqldumper in default locations and not securing access to that folder. Most dangerous: executing user input, may it be html,javascript,php,sql or whatever.
Even if you apply some javascript to disable the context menu of the browser it's just a matter of some VBA code to OLE automate the browser and get at the html source code.
The security needs to be on the server side.
Bye, Olaf.
That is the same with any server side language. The server side code isn't visible to the user; it's only the HTML/Javascript/CSS that it generates that the user can see in "View Source".
-------------------------------------------------------
Mark,
[URL unfurl="true"]http://aspnetlibrary.com[/url]
[URL unfurl="true"]http://mdssolutions.co.uk[/url] - Delivering professional ASP.NET solutions
[URL unfurl="true"]http://weblogs.asp.net/marksmith[/url]
-------------------------------------------------------
Mark,
[URL unfurl="true"]http://aspnetlibrary.com[/url]
[URL unfurl="true"]http://mdssolutions.co.uk[/url] - Delivering professional ASP.NET solutions
[URL unfurl="true"]http://weblogs.asp.net/marksmith[/url]
EdwardMartinIII
Technical User
Well, sure. If your website is completely produced server-side and only generates an HTML front end, then the HTML front end is what people will see when they view your page.
That way, your actual SOURCE is hidden. Your HTML can still be viewed, though.
There was a brief flirtation with fission power in the early Twentieth Century-- oh, I mean, there was a brief flirtation with having executables online in the early days of the Internet. So, you could write up your whole website as an executable application, and simply post that.
I'd recommend against that path, myself. It's madness. And not in that invent-a-flying-machine kind of way.
![[monkey]](/data/assets/smilies/monkey.gif "[monkey] [monkey]")
Edward
"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
That way, your actual SOURCE is hidden. Your HTML can still be viewed, though.
There was a brief flirtation with fission power in the early Twentieth Century-- oh, I mean, there was a brief flirtation with having executables online in the early days of the Internet. So, you could write up your whole website as an executable application, and simply post that.
I'd recommend against that path, myself. It's madness. And not in that invent-a-flying-machine kind of way.
Edward "Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
- Thread starter
- #16
ok,
thanks everybody. so, the code hiding is not possible. is there anyway to pass a value from one page to another page without being revealed to the user? example: page1.asp passes a constant value to page2.asp. is it possible?
thanks.
thanks everybody. so, the code hiding is not possible. is there anyway to pass a value from one page to another page without being revealed to the user? example: page1.asp passes a constant value to page2.asp. is it possible?
thanks.
traingamer
Programmer
Of course. I suggest you move the discussion to the ASP forum and get specific answers there.
Greg
People demand freedom of speech as a compensation for the freedom of thought which they seldom use. Kierkegaard
Greg
People demand freedom of speech as a compensation for the freedom of thought which they seldom use. Kierkegaard
- Thread starter
- #18
EdwardMartinIII
Technical User
is there anyway to pass a value from one page to another page without being revealed to the user?"
Well, you could hide the value in a hidden control.
Edward
"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
Well, you could hide the value in a hidden control.
Edward "Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
EdwardMartinIII
Technical User
is there anyway to keep the source of a page from being revealed?"
Okay, I had a Mildly Evil Thought about this.
I would think, with a mild understanding of regular expressions, that a person could readily write a translator that would convert an ordinary web page into a gobbledegook of character entity calls, even the spaces and tabs.
So, viewing the source would still make the thing practically unreadable (and approximately four times normal size), but it would render great.
Certainly it's not "hiding" the behind-the-scab code, but it's making it so ugly and uselessly unreadable that you might as well laugh in their face each time they do a view code.
And if your converter is your final stage before deployment, then everything you do on your side is still completely transparent.
There's GOT to be some sort of moral code against doing that, though...
Edward
"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
Okay, I had a Mildly Evil Thought about this.
I would think, with a mild understanding of regular expressions, that a person could readily write a translator that would convert an ordinary web page into a gobbledegook of character entity calls, even the spaces and tabs.
So, viewing the source would still make the thing practically unreadable (and approximately four times normal size), but it would render great.
Certainly it's not "hiding" the behind-the-scab code, but it's making it so ugly and uselessly unreadable that you might as well laugh in their face each time they do a view code.
And if your converter is your final stage before deployment, then everything you do on your side is still completely transparent.
There's GOT to be some sort of moral code against doing that, though...
Edward "Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door
- Status
Similar threads
- Locked
- Question
