Encrypting your index.html file

[Ronnie]

Hi,
Here's another handy info if you're concerned with "unauthorised viewing" of the source contents in your index.html file, especially when there are "sensitive" details included.

Depending on your budget, fear and obsession, and security, there are paid and free tools available nowadays. I found one at : http://www.webtoolhub.com/tn561359-html-encrypter.aspx

I tested it and encrypted the index.html file, and my web app is working fine. When I loaded the index.html to my text editor (NotePad++), the contents look "garbage with numeric patterns", nothing like a typical html file. Though the free online encryption works fine (for me) it is not failsafe or foolproof especially for advanced hackers. However, it helps prevent novice/casual curious users from checking on the source contents in the index.html file.

You might want to try them out. If you know of any other good HTML encryptors around, share them with us...

PS: It'd be nice to have an "encrypt" option in the project's Properties to allow developers to decide if they want to encrypt the index.html file or leave it "as is."


Ronnie

[Neosoft Support]

That's interesting. I wonder if there is any documentation that describes how to encrypt html files? Obviously, the file still has to be readable by the browser, so there must be some specific rules.

[anton]

Hi,
Here's another handy info if you're concerned with "unauthorised viewing" of the source contents in your index.html file, especially when there are "sensitive" details included.

Depending on your budget, fear and obsession, and security, there are paid and free tools available nowadays. I found one at : http://www.webtoolhub.com/tn561359-html-encrypter.aspx

I tested it and encrypted the index.html file, and my web app is working fine. When I loaded the index.html to my text editor (NotePad++), the contents look "garbage with numeric patterns", nothing like a typical html file. Though the free online encryption works fine (for me) it is not failsafe or foolproof especially for advanced hackers. However, it helps prevent novice/casual curious users from checking on the source contents in the index.html file.

You might want to try them out. If you know of any other good HTML encryptors around, share them with us...

PS: It'd be nice to have an "encrypt" option in the project's Properties to allow developers to decide if they want to encrypt the index.html file or leave it "as is."


Ronnie

Waste of time and resources. Decoding takes seconds. In Russia they say about it, "Protection against the fool" (foolproof)

[krackerjaxz]

I've tested out numerous free and paid (i.e. trial versions) HTML encryption software. Every single one can be defeated in a matter of seconds. Ronnie, you say that it's not foolproof against advanced hackers. Unfortunately, a person doesn't need to be an advanced hacker. In fact, they don't need to be a hacker at all. As the NeoSoft tech support stated, the index.html file has to be read by the browser. The encryption schemes are nothing more than various types of JavaScript encryption implementations.

Now, if a person wants to be an "advanced hacker" they can usually add or modify one line of code and they'll have the unencrypted HTML/JavaScript. If a person doesn't want to be an advanced hacker or just be lazy, all they have to do is copy the encrypted code and paste it into decryption websites. A quick Google of html decryption brings up a plethora of websites where you paste in the encrypted code and it spits out the unencrypted code.

[TMcD]

Yeah HTML obfuscation is really just to thwart the noobs, better than nothing. But not strong security.