Information Protection when inspecting code via browser

Asked

Viewed 8,714 times

10

I would like to know if there is any way to hide the visible code in the inspect/Ctrl+U or make it difficult. Why I’ve been researching PHP makes it difficult to query the code, check it? What methods do you know about it?

  • 2

    The php code is not possible to pick up, because it runs on the server, since it is on the client side (html, javascript), you can make it difficult, but there are automated tools that will make the service of taking this code... Nowadays the biggest concern, in my view, is the sensitive data... There should be attention when assembling its structure...

  • 1

    +1 by avatar... Zuera, the question is good serves for enough users

  • 2

    In general, you don’t have to worry about HTML code. Let anyone who wants to copy let them do it. Unless it’s something very specific that can compromise "part" of the security as a link to a video where you don’t want the user to know what the link is. But for this there are smarter solutions (it was just an example). In the end, by trying to protect yourself with otherworldly techniques, you will only be making it difficult for both sides. For the user and for yourself.

  • Related Hide JS code

1 answer

23


PHP nay difficult to copy anything from front-end, you have to understand a few things first:

  • front-end

    The front-end is a relative term, but in practice it is usually used to refer to what will be processed in the browser

  • back-end

    The back-end is also relative, but in practice it is usually used to refer to general server-side technologies such as database, HTTP-processing program (such as Apache and IIS) and dynamic language and frameworks

  • HTTP request

    It is what the browser sends to a server, occurs at the moment you type a URL in the navigation bar, when it sends an upload

  • HTTP response

    The HTTP response is generated after an HTTP request and it will respond as requested by this request

PHP is a language that can be used (and is usually used) for web pages, it runs on the side we call "back-end", the browser communicates with the server through the HTTP protocol by making a request, then PHP processes a script and generates a response, this all occurs on the server and not on the user’s machine, each line or entire content generated will be sent as an "HTTP response" to the browser you requested, for example:

http

In other words, PHP does not run next to HTML, it generates a response that can be an HTML "document", as it can be a TXT, an image, a video, it will depend on what you have defined that PHP should send in response.

There are many other languages that run on the server and can work with HTTP to generate responses to HTTP requests, in practice these languages like PHP, Python (usually using a framework), C# (usually using Asp.net and Asp.net-mvc), Ruby (Rubyonrails framework) and etc are used to make the development of pages more dynamic, for example when accessing a facebook profile in fact all profiles are the "same page", but the data of each profile are populated as the request and the back end generates a version based on the content desired.

In short

In short, there is no way to protect a generated or created HTML, because this is a download process, it has to avoid some attempts of copies, but those who really want to copy a page will be able to do this for more attempts you make to prevent copying, because an HTTP response is sent as a download and processed in the browser window, that is, it has already been downloaded to the machine.

What you have to worry about is protecting sensitive data such as passwords, customer data (assuming you have an important database) and preventing them from being displayed at undue times.

Techniques to try to protect

Still there are things you can do to try to protect, of course as said sensitive data should not be sent as responses, only if necessary, but if the data are not sensitive and still want to protect them.

  • You can block the right mouse button with javascript:

    <script>
    if (document.addEventListener) {
        document.addEventListener("contextmenu", function(e) {
            e.preventDefault();
            return false;
        });
    } else { //Versões antigas do IE
        document.attachEvent("oncontextmenu", function(e) {
            e = e || window.event;
            e.returnValue = false;
            return false;
        });
    }
    </script>
    
  • You can also block text selection with CSS:

    <style>
    /*desabilita a seleção no body*/
    body {
        -webkit-touch-callout: none; /* iOS Safari */
          -webkit-user-select: none; /* Chrome/Safari/Opera */
           -khtml-user-select: none; /* Konqueror */
             -moz-user-select: none; /* Firefox */
              -ms-user-select: none; /* Internet Explorer/Edge */
                  user-select: none;
    }
    
    /*habilita a seleção nos campos editaveis*/
    input, textarea {
        -webkit-touch-callout: initial; /* iOS Safari */
          -webkit-user-select: text; /* Chrome/Safari/Opera */
           -khtml-user-select: text; /* Konqueror */
             -moz-user-select: text; /* Firefox */
              -ms-user-select: text; /* Internet Explorer/Edge */
                  user-select: text;
    }
    
    /*habilita a seleção nos campos com o atributo contenteditable*/
    [contenteditable=true] {
        -webkit-touch-callout: initial; /* iOS Safari */
          -webkit-user-select: all; /* Chrome/Safari/Opera */
           -khtml-user-select: all; /* Konqueror */
             -moz-user-select: all; /* Firefox */
              -ms-user-select: all; /* Internet Explorer/Edge */
                  user-select: all;
    }
    </style>
    
  • Block Ctrl+U and Ctrl+S:

    Important note: cannot lock in some browsers and/or situations, this because there are sequences of keys that are reserved, this varies from browser to browser

    <script>
    if (document.addEventListener) {
        document.addEventListener("keydown", bloquearSource);
    } else { //Versões antigas do IE
        document.attachEvent("onkeydown", bloquearSource);
    }
    
    function bloquearSource(e) {
        e = e || window.event;
    
        var code = e.which || e.keyCode;
    
        if (
            e.ctrlKey &&
            (code == 83 || code == 85) //83 = S, 85 = U
        ) {
            if (e.preventDefault) {
                e.preventDefault();
            } else {
                e.returnValue = false;
            }
    
            return false;
        }
    }
    </script>
    

Other related posts

Again I say, this does not guarantee anything, it only helps a little, but whoever is deciding to copy your page will do if they wish, however the work that is to make copies of pages people will probably prefer to take "frameworks" as and download layouts or buy them ready.

About plagiarism

Still yes if you want to look for other means of protection maybe only the legal means, I do not think that here on the site you will find useful information for this yet take a look at the tag , but still consult a lawyer, licensing on the content is something complex.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.