im working on an encryption script in perl however the problem is that when it decrypts the encryption it writes the real html source, is there a way in perl to hide the source when someone goes to view sorce is it only possible to do so in javascript??


Thanks
Goran Sterjov

Do you mean the final Perl output sent to the user? No. A browser sees no difference if it receives its content from a static page or dynamic program. So this is no different from trynig to hide your source for any other page, which cannot be done.

You cannot hide the HTML source, but you can make it close to indecipherable. Check out this tool:

http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

Adam

And also very easily recoverable. All someone would have to do is change document.write to someTextArea.value (generally speaking) to see the results. It also makes your page *completely* dependent on the user having scripting enabled.

hmm. well then is there anyway to stop a user from downloading a javascript file directly rather than through the <script src="">.

i have tried doing it with htaccess and htpasswrd however everytime the user loads the page they need a password.

Thanks
Goran

JavaScript is executed client-side, which means for their machine to be able to execute the code at all it has to be able to download it. And once it's on the user's machine there is nothing more you can do. There is why JavaScript is not a means to do anything securly.

bugger!!

welll then is there any other way to not show the final output hrough asp or php etc.

or what if i were to do this:
<script src="scripts/decrypt.dat"></script>

would that work? since its a data file with variables in it.


Thanks Again
Goran

Not for HTML, JavaScript, or anything else parsed client-side. Because in the end the browser on the user's machine must have this available in a readable form. Otherwise your markup doesn't render and your scripts won't execute. And if the code is available and readable on the user's machine, obviously the user will be able to read it. All you can do is on the server-side decide what to send back to the user and what not to.

ok, then for the last question

my javascript is protect by a perl anti leech script.

so the html code looks like this
<script src="leech.cgi?decrypt"></script>

it works fine too

however does the javascript file go on the system once its loaded, or is that safe enough and no one can get the javascript (besides hackers that is)

Thanks Again - You've been a great help
Goran Sterjov

however does the javascript file go on the system once its loadedYes, because whatever output leech.cgi?decrypt produces gets sent to the user, otherwise their browser can't run it. This is why nothing client-side can be kept secure, whether it be markup, programming, text, or images.