ionCube Logo
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


 
Post new topic   Reply to topic    ionCube Forum Index -> Discussion

html encoder hacked

Author Message
jmaster



Joined: 13 Aug 2012
Posts: 1

PostPosted: Mon Aug 13, 2012 12:45 pm    Post subject: html encoder hacked Reply with quote

Just open an obfuscated page using Google Chrome, press ctrl+shift+i and you'll have full access to source code.

Also, when you first run that obfuscated page, there are a few seconds before the page loads where you can right click and access the page options menu, where you are able to select inspect elements and view source code, also save the html page to a local folder and play with it. Fortunately the view source code doesn't show the code.

However, the inspect element hack is working the same as the "save as" button, so the program is a security risk right now.

Regards and hope you solve those issues asap.
Back to top
View user's profile Send private message
liaison
ionCube Support


Joined: 16 Dec 2004
Posts: 2757

PostPosted: Tue Aug 14, 2012 12:11 am    Post subject: Reply with quote

Or you could use firebug or other DOM inspectors. Be clear that what you describe isn't "hacking" in any sense of the word at all, it's simply using features of modern browsers that get in at the DOM level to recreate the source if the current view.

The HTML obfuscator was donated by a customer of ours many years ago, in the days when view source simply showed what came down the pipe on the first request before any JS was run. It's a neat script, though with limitations (7 data handling only to give one). We provide it free and without support because we're aware of the limitations.

Although we still provide the script because there is still a demand for this type of thing, our recommendation and advice for a long time has been that trying to protect client side code is largely futile and potentially damaging for the user experience. Most people using a website aren't going to care at all what's behind the scenes, they just want the pages to work. Those who might want to take a peek at the HTML, JS and CSS will obtain the code no matter what you do (keep in mind that there are many opensource browsers, and modifying those to spit out code after any JS has run or to create a page from the DOM isn't going to be difficult). HTML mangling could adversely impact user experience, as well as being unfriendly to search engines. Then there are cached CSS and JS files. To stop snooping of those you would need to not cache them, definitely not a good idea. You would also need to stop trivially obtaining them with a quick wget directly...
_________________
Community Admin
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    ionCube Forum Index -> Discussion All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum