Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / Question about richtclick on web pages

Author
Message
Hobgoblin Lord
19
Years of Service
User Offline
Joined: 29th Oct 2005
Location: Fall River, MA USA
Posted: 19th Mar 2007 10:32
Link
Greetings,

To all you web guru's I pose a question. I have seen alot of software that says it stops someone from being able to view your source code or to save you pages, but in reading up on it many people say it is impossible to stop this. I wanted to know if there is actually a way (many of the posts I read were several years old). The reason I ask is that for the website I am working on I plan to use a shopping cart ala Paypal, the last thing I need headache wise is for some clown to download the page, change the sale value of an item and run the page directly on their machine sending a bogus price to paypal. I know I won't need to ship the item but forsee possible headaches to cancel such orders.


Thanks
HL

http://forum.thegamecreators.com/?m=forum_view&t=73324&b=8
My RPG WIP, check it out
Back to top
Profile PM Email Website
dark coder
22
Years of Service
User Offline
Joined: 6th Oct 2002
Location: Japan
Posted: 19th Mar 2007 11:06
Link
It's impossible, how else can you view the page? some sites can disable your right click but you can still go view/source, some sites also obfuscate the code/links. Scripts such as PHP will only send to the client what you tell it to send, so if you have a chopping cart system, they cannot download the code to the shopping cart, all they can do is see what the code sends to them. Look at this forum for example, you can get the code for the layout, however the actual forum code isn't accessible.

Back to top
Profile PM Email
Nicholas Thompson
20
Years of Service
User Offline
Joined: 6th Sep 2004
Location: Bognor Regis, UK
Posted: 19th Mar 2007 11:09
Link
There is (pretty much) no way on earth to do this. The way the browser works is it download a page and locally "executes" it through its own parser.

There are things you can do to make code stealing harder - but its never impossible. Options:
1) Use frames to add steps for people to go through to get to the code - this can break the page accessibility though
2) Use a program to obfuscate the code. This just makes it hard to read. Down side - it makes it hard to debug too

Your best option is to use nifty validation techniques at your end. Not entirely sure how PayPal works - but with Worldpay you post directly to their form. This makes it a little harder - but you COULD try this... Post the contents of the cart to your own script which does some validation (eg, makes sure the posted content is the same as the session basket or something) and then use the php CURL function to post off to PayPal or Worldpay.

This any help?

[center]
Back to top
Profile PM Email Website
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 19th Mar 2007 11:25
Link
disabling right mouse clicks is usually in javascript or DHTML etc. for stuff like image protection.

http://www.dynamicdrive.com/dynamicindex9/noright.htm



however I can make any web page on OSX a PDF and get the images anyway no matter what you try, so its kinda pointless.

use a watermark if your super worried on all images.



disabling the view source button in view /view source cannot be achieved across all browsers or operating systems, as well as sneaking a look at googles cached memory of your site.


you can encrypt your visible source with online encryption pages or write your own obfuscator, but it only makes it a challenge for the hardcore curious.


you can hide with a trick using frames, to the layman they only get the outside frames content and not your real code.

Its best to learn PHP which leaves more sensitive stuff on the server side, all the client sees is the spat out code.




if you wanted to do it for an internal company machine, a registry would solve that.


Start Regedit
Go to HKEY_CURRENT_USER\ Software \ Policies \ Microsoft \ Internet Explorer \ Restrictions
Add a DWORD with a name of:
NoBrowserBars Disable changes to browsers bars.
NoBrowserClose Disable the option of closing Internet Explorer.
NoBrowserContextMenu Disable right-click context menu.
NoBrowserOptions Disable the Tools / Internet Options menu.
NoBrowserSaveAs Disable the ability to Save As
NoFavorites Disable the Favorites.
NoFileNew Disable the File / New
NoFileOpen Disable the File / Open
NoFindFiles Disable the Find Files
NoSelectDownloadDir Disable the option to change download directory
NoTheaterMode Disable the Full Screen view
NoOpeninNewWnd Disable Open in New Window
NoViewSource Disable the ability to view the page source HTML.
NoNavButtons Disables the Forward and Back buttons
NoPrinting Remove Print and Print Preview from the File menu.
AlwaysPromptWhenDownload Always prompt user when downloading files.
Give it a value of 1 to turn on the restriction
Go to HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Internet Explorer \ Toolbars \ Restrictions
Create a DWORD with a name of :
NoViewSource Disables adding, removing, or moving toolbars.
Give it a value of 1 to enable this restriction.

Back to top
Profile PM Email
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 19th Mar 2007 11:26 Edited at: 19th Mar 2007 11:33
Link
ahh nick beat to most points.

I forgot to mention as well, you could hide it in swf files or make a mini exe that people download to securely purchase your software and lead it back to paypal that way.
java applets as well could hide those more sensitive components.

Back to top
Profile PM Email
VR2
19
Years of Service
User Offline
Joined: 14th Mar 2005
Location:
Posted: 19th Mar 2007 12:45
Link
Not sure how Paypal does things but a couple of thoughts:

- if you have server script that is accepting parameters from a web page (like a PHP script) then it can easily check the HTTP_REFERER and if that is NOT YOUR PAGE then you do not process the information. This means that if someone downloads your page to their desktop, alters the values to pass back on to your script then it won't work.

- However, you should not be passing Money values about like that - at most pass a "ProductID" and a "Quantity" and work out the price on the server before sending off to Paypal.

- Be aware that the client can also alter values in your page using "Javascript URL's". Eg, imagine you have a page holding money value in a hidden field, they could type something like this in the URL bar:



that will alter your (perhaps otherwise "hidden field", and submit back to the server from it's current location - and I'd expect your HTTP_REFERER value will be none the wiser that the user has done this.

- Packet sniffers and interceptors can also play a part - so again, passing values about (from client to server) that you don't wish the user, or anyone else, to be able to intercept and alter, then you should be using an encryption like Secure Sockets Layer (SSL).
Back to top
Profile PM Website
Hobgoblin Lord
19
Years of Service
User Offline
Joined: 29th Oct 2005
Location: Fall River, MA USA
Posted: 19th Mar 2007 18:17 Edited at: 19th Mar 2007 18:20
Link
This is actually how paypal works for the cart, simple html.


I thought the claims of a bunch of these software packages to "secure" your code were pretty bogus. Thanks for the help so far, personally I am going to validate everything by eye, then send an unlock code or item myself. Still see a potential headache if someone did change a price to cancel the order and have Paypal not charge you, but I guess it could just be a cost of doing buisness.

I dont actually care about protecting my code, if someone had to rip off my work they are damn pathetic. As for images and other things Im not putting up anything I am not prepared to give away anyway (free textures, portraits etc) Gonna try alot of freebies to help generate some traffic once I am done I hope.

http://forum.thegamecreators.com/?m=forum_view&t=73324&b=8
My RPG WIP, check it out
Back to top
Profile PM Email Website
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 19th Mar 2007 18:36
Link
Even images inside a Flash object aren't not safe. If you can see it, it can be swiped.

There should probably be a way to set it up so that the paypal page will know if the transaction was being sent from your server and not someone's home PC.

I haven't really played much with using payment systems outside of the osCommerce package.

Back to top
Profile PM Email Website
NeX the Fairly Fast Ferret
19
Years of Service
User Offline
Joined: 10th Apr 2005
Location: The Fifth Plane of Oblivion
Posted: 19th Mar 2007 19:07
Link
You can drag around an image until it's selected, then press CTRL+C to copy. Done.


Since the other one was scaring you guys so much...
Back to top
Profile PM Website
Screwed Over
18
Years of Service
User Offline
Joined: 9th Jul 2006
Location: nowhere and everywhere
Posted: 19th Mar 2007 19:25
Link
http://scriptasylum.com/tutorials/encdec/html_encoder.html

if you incode different parts of your page with different code keys it'll be a fwaloping pain to decode. and theres also no decode option on that webiste.


^Check out my new site!^
Back to top
Profile PM Email
Hobgoblin Lord
19
Years of Service
User Offline
Joined: 29th Oct 2005
Location: Fall River, MA USA
Posted: 19th Mar 2007 19:45
Link
Nice screwed however, encoding then saving the file in that format immediately brings up (Infected by JS/Wonka) for the file you save it as so I would suggest avoiding that.

http://forum.thegamecreators.com/?m=forum_view&t=73324&b=8
My RPG WIP, check it out
Back to top
Profile PM Email Website
Ugh
17
Years of Service
User Offline
Joined: 29th Nov 2006
Location: USA.. USA..
Posted: 19th Mar 2007 20:52
Link
Ahh, RegeDit solves all your problems. From a software that has a time limit on how long you can use it, to this!

DONT BUY BANANAS, THEY HELP TERRORISTS
http://www.cbsnews.com/stories/2007/03/15/terror/main2571969.shtml
Back to top
Profile PM Website
Hobgoblin Lord
19
Years of Service
User Offline
Joined: 29th Oct 2005
Location: Fall River, MA USA
Posted: 19th Mar 2007 21:28
Link
Ugh, What does Regedit have to do with the question, please elaborate.

http://forum.thegamecreators.com/?m=forum_view&t=73324&b=8
My RPG WIP, check it out
Back to top
Profile PM Email Website
Nicholas Thompson
20
Years of Service
User Offline
Joined: 6th Sep 2004
Location: Bognor Regis, UK
Posted: 20th Mar 2007 00:53
Link
tbh, if someone tries to fraud you by changing the price, just keep an eye on who has bought what and check before dispatch, if they're frauding - keep the money

[center]
Back to top
Profile PM Email Website
Back to top

Login to post a reply

Server time is: 2024-11-18 09:34:23
Your offset time is: 2024-11-18 09:34:23