1. Technology
Send to a Friend via Email

Effective Web Page Encryption

There is no such thing

By

You can always tell the newcomer who has just started creating web pages of their own. They are the one's asking about "no right click" scripts and other means of protecting the content of their web page from would be thieves. These are the people who don't have enough experience of how web browsers work to understand what can and can't be done with web pages.

Firstly, not all browsers permit web pages to interfere with such operating system functionality as the "context menu" or require the browser owner to grant that permission. This means that you can only block your visitor's access to that menu from the right mouse button if that visitor allows you to block their access.

Secondly, most such scripts only block access to that menu from the right mouse button and don't block the access to the menu from the keyboard. On windows keyboards the key between the right Windows key and the right CTRL key is the contextmenu key which will display the same menu as clicking the right mouse button.

Thirdly, even when the oncontextmenu="return false" code is used to disable the context menu no matter how accessed, there are still numerous other ways to view the source of the web page. The most obvious one is the "Source" option from the "View" menu in the menu bar. Only some browsers allow you to disable the menu bar from within your web page by using a signed Javascript. It is also easy to turn off the no right click script.

The simplest way for other newcomers to get around all such scripts is to simply turn off Javascript in their browser.

Of course anyone planning on stealing the content of your web page (not that these newcomers are likely to have anything worth stealing) can choose which web browser that they view the page in and so the would be thieves will select a browser that allows them to bypass all of these scripts without having to disable Javascript in the first place.

Slightly more knowledgable web page writers move on to encryption as being the way that they use to attempt to protect their web pages. These people may use free programs or can pay anything up to $200 or more for a program that will encrypt their page source. This results in anyone who views the delivered source of the web page seeing only the encrypted version of the page source.

Unfortunately for them the web browser itself has to be able to decrypt the page in order to be able to display the web page and there are three ways that the decrypted version of the source can be accessed using nothing more than a web browser and a few lines of Javascript.

The easiest way to be able to view the decrypted source of an encrypted web page is to install a "View Source" bookmarklet into your browser that will pop up a new window containing the decrypted source of the page that it is run against. There are two ways that the encryption programs can block this - they can block popups or they can use an empty iframe - I have found only two encryption programs that include the code to block this and one uses one of these methhods while the other uses the other method. No other encryption programs that I have seen block this method of accessing the decrypted source.

The second way to access the decrypted source is to save the page using Netscape 7.0. That particular version of the Netscape browser unlike the versions before and after it saves the decrypted version of the page rather than the delivered encrypted version. The only way to block this is to use a signed Javascript that removes the menu bar from that browser. The only encrypted web page that I have seen that does block this is a proof of concept page that I wrote myself.

The third method of accessing the decrypted source of a web page is to add a "View Source" user Javascript into your browser that adds a view source link to the bottom of whatever web pages you select. This can get past any form of protection since it runs after everything else in the page and is impossible to block.

Given that this last method gives access to the unencrypted source of any web page no matter how encrypted we can therefore conclude that there is no effective way of blocking peoples access to the readable source of your page.

  1. About.com
  2. Technology
  3. JavaScript
  4. Problem Solving
  5. Effective Web Page Encryption Using JavaScript

©2014 About.com. All rights reserved.