Source Code Encryption
-
I want it to be encrypted on the client side. I do not want the user to see my source for security purposes
The standard answer: You can't stop someone from decompiling your code while still letting them execute it. You can "obfuscate" it (Which just changes the variable/method/class names to random junk) to make it difficult to understand, and you can encrypt any strings you store in it (While obfuscating the decryption key), but nothing is foolproof. If someone is determined to read your code and is willing to put in the time and effort, they can do it.
Proud to have finally moved to the A-Ark. Which one are you in? Developer, Author (Guardians of Xen)
-
I want it to be encrypted on the client side. I do not want the user to see my source for security purposes
Ok Guys it seems that i used some wrong terminology , once i was working on a web application when my PM did something suddenly when i right click on view page source there was nothing related to the page source. This is what i want to implement in my new application. Hope i explained it.
-
I want it to be encrypted on the client side. I do not want the user to see my source for security purposes
khalil.kamel wrote:
for security purposes
Security by Obscurity[^] does not provide real protection. Furthermore, if you are talking about your executable, what do you think encryption it will do? How could you expect the CPU to run code that it does not know? Unless it decrypts it first, but the user has the same knowledge as the CPU, which now apparently includes all information necessary to decrypt it, so you gain nothing. [edit]Ok I starting posting before that last post of yours. The same principle applies. How does the browser know what to render if it doesn't have the source?
-
khalil.kamel wrote:
for security purposes
Security by Obscurity[^] does not provide real protection. Furthermore, if you are talking about your executable, what do you think encryption it will do? How could you expect the CPU to run code that it does not know? Unless it decrypts it first, but the user has the same knowledge as the CPU, which now apparently includes all information necessary to decrypt it, so you gain nothing. [edit]Ok I starting posting before that last post of yours. The same principle applies. How does the browser know what to render if it doesn't have the source?
-
What am talking about is i do not want the client when he clicks view page source to view the javascript functions the control ids and so on...
-
So was I, in the part after the edit. How do you expect the browser to execute encrypted JavaScript, without decrypting it first? You couldn't decrypt it first, because that would mean giving away the decryption code on a silver platter.
-
Well I swear i know what are you saying and i do not know what did that person did but i really want to know how did he did it. Does any body has any suggestion?
From your description in the other post, all your coworker did was remove the "View Source" option from the menu, probably using a javascript function. This is not secure. It's just aesthetic. It only makes it a little more difficult to view the source, NOT impossible.
Proud to have finally moved to the A-Ark. Which one are you in? Developer, Author (Guardians of Xen)
-
Well I swear i know what are you saying and i do not know what did that person did but i really want to know how did he did it. Does any body has any suggestion?
I have a suggestion of how to make it "slightly harder" to quickly see all JavaScript: put the real code in a base64-encoded string, decode that and write that to the page in a normal function that people can see. It won't stop a hacker, but it may stop the bored school kids who have nothing better to do than messing around with people's sites. Don't rely on it.
-
What am talking about is i do not want the client when he clicks view page source to view the javascript functions the control ids and so on...
Well you can use JScript.Ecode[^] (MSDN[^] )but that really isn't very secure because anyone can decode it using the utility that is free from MS. Once your JScript is encoded just set the Type on the script tag to "JScript.Encode" But it will stop your know nothing users from getting the source of your JScript. You should also put all your JS in a separate file and include it ... just another step for someone to decode it. Another option would be to use AJAX to load all of your scripts and stuff, that way if the user views source they will only see the content that was originally sent to the browser and not anything AJAX has loaded. The AJAX method is the best in my opinion but it could cause you to have to re-write your entire project to get rendered this way (read as PAIN IN THE A$$)
If at first you don't succeed ... post it on The Code Project and Pray.
-
What am talking about is i do not want the client when he clicks view page source to view the javascript functions the control ids and so on...
Don't know about Web Application however i encrypt windows appilcation using Java. If you wish i can give you a whole bunch of security keys.
-
Well you can use JScript.Ecode[^] (MSDN[^])but that really isn't very secure because anyone can decode it using the utility that is free from MS. Once your JScript is encoded just set the Type on the script tag to "JScript.Encode" But it will stop your know nothing users from getting the source of your JScript. You should also put all your JS in a separate file and include it ... just another step for someone to decode it. Another option would be to use AJAX to load all of your scripts and stuff, that way if the user views source they will only see the content that was originally sent to the browser and not anything AJAX has loaded. The AJAX method is the best in my opinion but it could cause you to have to re-write your entire project to get rendered this way (read as PAIN IN THE A$$)
If at first you don't succeed ... post it on The Code Project and Pray.
-
From your description in the other post, all your coworker did was remove the "View Source" option from the menu, probably using a javascript function. This is not secure. It's just aesthetic. It only makes it a little more difficult to view the source, NOT impossible.
Proud to have finally moved to the A-Ark. Which one are you in? Developer, Author (Guardians of Xen)
-
Well I swear i know what are you saying and i do not know what did that person did but i really want to know how did he did it. Does any body has any suggestion?
You can override the context menu to "hide" the view page source option, but it won't remove it from the browser menu. There is no way to completely remove the ability to view the page source because it must be sent down in a way that the web browser can interpret and display it.
"WPF has many lovers. It's a veritable porn star!" - Josh Smith
As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
-
You can override the context menu to "hide" the view page source option, but it won't remove it from the browser menu. There is no way to completely remove the ability to view the page source because it must be sent down in a way that the web browser can interpret and display it.
"WPF has many lovers. It's a veritable porn star!" - Josh Smith
As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
-
Google, and ye shall receive... http://www.codingforums.com/showpost.php?p=20367&postcount=11[^] http://www.15seconds.com/howto/pg000916.htm[^]
Proud to have finally moved to the A-Ark. Which one are you in? Developer, Author (Guardians of Xen)
-
Well, not with C#, that's for a start. Shouldn't you take this over to the web development forum? You'll possibly want to ask about doing it in jquery while you're over there, or disabling the right click.
"WPF has many lovers. It's a veritable porn star!" - Josh Smith
As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
-
Well, not with C#, that's for a start. Shouldn't you take this over to the web development forum? You'll possibly want to ask about doing it in jquery while you're over there, or disabling the right click.
"WPF has many lovers. It's a veritable porn star!" - Josh Smith
As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
-
Ok thanks i will post it on the other forum thanks for helping me guys but as a last question you are saying that to do what i am asking for i should use jquery not C# code. Right?
You need to use Javascript for this, not C#. Suppose I wanted to view your webpage on a Linux distro - how would you stop me from viewing the source there?
"WPF has many lovers. It's a veritable porn star!" - Josh Smith
As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
-
You need to use Javascript for this, not C#. Suppose I wanted to view your webpage on a Linux distro - how would you stop me from viewing the source there?
"WPF has many lovers. It's a veritable porn star!" - Josh Smith
As Braveheart once said, "You can take our freedom but you'll never take our Hobnobs!" - Martin Hughes.
-
Ok Guys it seems that i used some wrong terminology , once i was working on a web application when my PM did something suddenly when i right click on view page source there was nothing related to the page source. This is what i want to implement in my new application. Hope i explained it.
You're getting a lot of responses here. It seems to me that you have no idea what you're doing. 1 - right clicking on a web page lets you view the HTML, not the source code. 2 - the code your PM did to stop right clicks, is useless, anyone can defeat it 3 - there's nothing similar in a non web app, because it doesn't use HTML 4 - anyone can read your source code ( unlike a web app ), using reflection 5 - you can use free obsfucators, but free or commercial, they won't stop anyone determined 6 - you can spend a lot of money on tools that remove your source code, 7 - odds are high that it's not worth the effort.
Christian Graus Driven to the arms of OSX by Vista. Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.