| Monte on Mar 31, 2003 at 11:05:56 AM (# 115) Almost makes me want to go to Hootus...for some T&A...and maybe some wings.
PhilOsborn on Mar 31, 2003 at 4:56:38 PM (# 116)Terry,
If you sniffed for Browser first, and then loaded the page corresponding to the faked browser, how would you know? Another twist: set a cookie if the user tries to read the source. Then throw them a substitute page the next time they access.
Terry Young on Mar 31, 2003 at 6:22:04 PM (# 117)> set a cookie if the user tries to read the source
so what events should we catch? right-clicking? anything else we should add to this? and how do we really detect if the user is trying to read the source?
Oh, and does anyone have insight on how to detect if a user is clicking the hootus ^^
gmsolutions on Apr 1, 2003 at 3:45:35 AM (# 118)im not sure if you have cottoned on yet sparkrulez but loading the dom dynamicly simply means you have to read the dom to get it back out. "Not Hard"
Secondly everything you place in a page can be read it doesn matter how you hide it. (Mostly read thrue cache but a local html page can be setup to read all your unsecure cookies)
I very commonly use cookies and the script encoder to help make it difficult to obtain my source but only difficult not impossible. By encoding javascript redirect wich loads another page wich replaces itself in dom. the average compatant web user would need to search nearly every webcache document to find it but the information still exists and a simple search will bring me undone. If you are dead seriouse about security load your page as an encrypted base64 data and ask for the password so a client script can decode it. This simply means that it would take any competant programmer an extra 5 mins to discover your code and obvousely you would only be giving the password to non technical minded pple so they dont go decoding the document from their cache. There are many variants on this like using several encoded scripts on redirects pushed by cookies wich can decode the data for you but every possible instance has been tested. if you encrypt any data to hide it in your cache but provide a means no matter how obscure to decode it you may as well past it in big bold letters.
The point to this once and for all is that it is impossible to hide your code.
Frances on Apr 1, 2003 at 4:08:36 AM (# 119)Crikey
bod1467 on Apr 1, 2003 at 6:03:45 AM (# 120)I know how to do it!!!
Write your HTML source using invisible virtual ink!
;-)
Monte on Apr 1, 2003 at 6:25:54 AM (# 121)What about using a white font on a white background?? ;-)
"Yeah, man, I tell you what that dang ole internet man, you just go on there and point-n-click get in there talkin' bout www.w call me you got them naked chicks on there you go click, click, click, click, click, click, click, click, it's real easy, man." -- Boomhauer
| 
Hiding HTML/SCRIPT... I think it IS possible!