truly unscoopable code

With total disregard for any kind of safety measures Ronald O.
Christian <ro**@europa.com> leapt forth and uttered:

One of the benefits of coding in php is that a user can't view
your actual php source, only the html it produces. Are there
reasonably simple techniques to avoid having the html scooped
also?

My application is that of developing prototypes for perspective
customers while protecting my code until the sale goes through..
Keeping the PHP code under wraps is easy enough, but the html
that the code produces has value also.

There are many people/websites that claim it is possible to
hide/obfuscate/encrypt html source. But they are all wrong. Most of
the above techniques generally rely on Internet Explorer-specific
ActiveX or Javascript hacks and serve to do nothing but annoying
your visitors.

If you don't want people to download it, then don't upload it.

There isn't anything in anyones html worth stealing anyway.

--
There is no signature.....

Ronald O. Christian wrote:

One of the benefits of coding in php is that a user can't view your
actual php source, only the html it produces. Are there reasonably
simple techniques to avoid having the html scooped also?

Nope, not possible in the slightest. The HTML is parsed and rendered on the
client side. As such, the HTML will always be available to the visitor.

If you have reason to suspect that they are going to be less than honest,
set the caching directives on your website to no-store, password protect it
with a password only you know, and visit them personally to show it to
them. Make sure the password isn't stored, and close the browser before
leaving. Alternatively, show them print outs, or bring a laptop along. If
you don't care about the value of the graphic design, email them
screenshots.

--
Jim Dabell

On Wed, 16 Jul 2003 23:18:01 GMT, CC Zona <cc****@nospam.invalid>
wrote:

Technical workaround options notwithstanding...if you're pitching to people
so untrustworthy and if the HTML itself bears a significant portion of the
project's total value, then you've got larger business problems to address.
Dealing openly with those who can be trusted to honor basic intellectual
property rights is going to be much more effective than attempting to
outwit thieves. Determined thieves will always find a way. Meanwhile,
those who are honest will note your distrust and respond in kind. Not good.

I agree. The ideal solution would be one of which the honorable
customer would be completely unaware.
Ron
-
http://www.christianfamilywebsite.com
http://www.iswizards.com
Definition: Nelp: Contraction of "no help". Colloquial: Help
messages that are of no help whatsoever. Pretains to help files,
messages or documentation that convey no useful information, or
pedantically repeat the blindingly obvious.

Ronald O. Christian wrote:

One of the benefits of coding in php is that a user can't view your
actual php source, only the html it produces. Are there reasonably
simple techniques to avoid having the html scooped also?

Realisticlly no. However, you could obfustcate it using javascript, but
it'd be pretty weak to do so... basically instead of sending html to the
client, send something like

<html>
<head>
... ordinary head stuff like title, css other javascript ...
<script language="Javascript">
window.onload = function() {document.body.innerHTML =
'..huge ass javascript safe string containing html for body
"obfuscated" by having each character as hex/octal escape string';}
</script>
</head>
<body>
Content Loading.
</body>
</html>

But like I say, it's weak, probably troublesome and fairly crappy.

--
James Sleeman
Gogo:Code, http://www.gogo.co.nz/
PHP & Coldfusion Programming Services
Email domain : gogo.co.nz see user in from header!

With total disregard for any kind of safety measures Ronald O.
Christian <ro**@europa.com> leapt forth and uttered:

I'm thinking specifically of rendering the HTML as an image and
displaying the image (a gif or jpg) instead of the code. But
although I can do this "by hand", I don't know of a way to do it
dynamically.

Incredibly bad idea. Not only will your site be extremely slow to
load, suck up tons of bandwidth and be generally annoying but it
will make your chances of good search engine rankings vanish
completly.

Understand this: There is nothing in your html source worth
stealing. Nothing at all. Therefor going to great lengths to
conceal it is pointless.

--
There is no signature.....

Ronald O. Christian wrote:

On Wed, 16 Jul 2003 16:20:32 -0400, Joshua Ghiloni
<jd***@SPAM.ME.AND.DIE.cwru.edu> wrote:

That's utterly impossible. You have to pass the HTML to the client for
the browser to render it.

I'm thinking specifically of rendering the HTML as an image and
displaying the image (a gif or jpg) instead of the code. But although
I can do this "by hand", I don't know of a way to do it dynamically.

Parenthetically, apologies if my original article was posted multiple
times. My news server seems to be having problems at the moment.
Ron
-
http://www.christianfamilywebsite.com
http://www.iswizards.com
Definition: Nelp: Contraction of "no help". Colloquial: Help
messages that are of no help whatsoever. Pretains to help files,
messages or documentation that convey no useful information, or
pedantically repeat the blindingly obvious.

In that case, as much as I hate to suggest it, may I suggest a flash
site? You can add dynamic content there, and give your users a "tour" of
the site. With regards to your image idea, see other posts regarding
bandwidth. In addition, don't forget that HTML is a rendering language,
so the same block of code will always appear exactly the same on every
computer using a certain browser. What that means is even if you've got
an image of your site, someone can look at it and with enough ingenuity,
recreate it by looking at it -- the web-design equivalent of playing by ear.

Ronald O. Christian wrote:

On Wed, 16 Jul 2003 16:20:32 -0400, Joshua Ghiloni
<jd***@SPAM.ME.AND.DIE.cwru.edu> wrote:

That's utterly impossible. You have to pass the HTML to the client for
the browser to render it.

I'm thinking specifically of rendering the HTML as an image and
displaying the image (a gif or jpg) instead of the code. But although
I can do this "by hand", I don't know of a way to do it dynamically.

Parenthetically, apologies if my original article was posted multiple
times. My news server seems to be having problems at the moment.
Ron
-
http://www.christianfamilywebsite.com
http://www.iswizards.com
Definition: Nelp: Contraction of "no help". Colloquial: Help
messages that are of no help whatsoever. Pretains to help files,
messages or documentation that convey no useful information, or
pedantically repeat the blindingly obvious.

In addition, I'd suggest you make potential customers sign a
non-disclosure agreement before entering into any negotiations with
them. I work for a Very Large Software Firm (TM) and it's common
practice here. That way, anyone who steals your code has very serious
legal consequences awaiting them. NDAs are very common and almost
impossible to beat in court.

I appreciate everyone's responses on this thread, even those who
didn't seem to understand the original question.

I was, of course, referring to prototype code, for which money has not
yet changed hands. If the customer buys the site, it's theirs. I'm
not trying to hang onto code that others have hired me to write, just
making sure I don't spend my time developing for free (unless I wish
to).

I guess an NDA is the way to go. I was hoping to find a technique
that was completely transparent to the ethical customer. It was worth
asking, but it's not that big of a deal.

Thanks again to those who responded.
Ron
-
http://www.christianfamilywebsite.com
http://www.iswizards.com
Definition: Nelp: Contraction of "no help". Colloquial: Help
messages that are of no help whatsoever. Pretains to help files,
messages or documentation that convey no useful information, or
pedantically repeat the blindingly obvious.