Gossamer Forum
Home : Products : DBMan : Discussions :

How to hide source code????

Quote Reply
How to hide source code????
Hello,

I hope someone can help me. I am trying to hide the source code from viewing in browsers or at least the source code to the path to DBMAN.

When you view the source code for my client, you can see the path to dbman.cgi

Then it is a matter of copying and pasting the URL in the location/address field and running a password generator from there.

How can I hide the source code form viewing and have this thing still run?

MicChicken
Quote Reply
Re: [micchicken] How to hide source code???? In reply to
If you figure that one out, sell it and you'll make a million dollarsWink.

You can set your dbman script so that it'll only run from your domain check the instructions in the config file or perhaps its a MOD.

You cannot hide your source code, but you can make it really confusing for novices.

Example: at top of your web (html) page put something like this

<!--- You do not have rights to view this file --->

and then put about a million hard returns before before actually starting your coding. So when people "view source" they think they've been forbidden and don't know they simply need to scroll down a ways to see the code. Like I said this'll only fool some people.

Or here's a nifty trick: http://www.angelfire.com/biz/syrinxmu/preq.html

See if you can find his javascript he uses to power his calculators...

Hint: it involves frames of which some are set to "zero" in size.

Quote Reply
Re: [Watts] How to hide source code???? In reply to
If you are really bored you can use:

http://www.dynamicdrive.com/dynamicindex9/encrypter.htm

...but it's about as useful as an inflatable dart board.
Quote Reply
Re: [RedRum] How to hide source code???? In reply to
Well

I figured as much.

Also, it doesn't matter if I hide the source code because they can see the path to db.cgi when a search is conducted.

Anyway, ther reason I ask is a professional security dude (we call em hackers) said that the site was insecure and he could easily change the database if he wanted.

So, now I am panicked because my client is panicked and I don't know what to do about it.

Cheers,

micchicken

P.S - an inflatible dartboard huh?Smile
Quote Reply
Re: [micchicken] How to hide source code???? In reply to
All you need to do is put db.cgi in one directory and the other files in a password protected directory and change the config paths.

html.pl may have to go in the same dir as db.cgi but try it in the secure one first.
Quote Reply
Re: [RedRum] How to hide source code???? In reply to
Didn't work

DBman internal swervor error galore

yes assci mode, proper permissions, et c etc.

mic
Quote Reply
Re: [micchicken] How to hide source code???? In reply to
My question would be who called "the dude" and how did he get in contact with your client? I've dealt with many alarmist in the past and they usually turn out to be someone that 'knows all about computers' but really don't have any credibility.

My experience with these types of things has been to reassure your client that their information is *relatively* safe (you're not storing credit card numbers are you?) and that no system, not even the federal government is 100% secure.

Then if need be, call the dude's bluff. Set up a db and see if he/she can hack it. You should also point out to your client that there is safety in numbers. Why is someone going to waste their time hacking into my 'Elvis collectible blow-up doll' database when the world is full of banks and much more juicier targets.

I've run into the same thing with SSL (usually some freak with a y2k-buggy version of Netscape, telling me - and cc'ing everyone and their mother - that my certificates were expired- NOT!) and I found that I can lay a line of techno babble on the clients (and the alarmist) that pretty much convinces them that you know *a lot more* than they do.

Then again, I could be wrong... Wink

Check out the FAQ regarding dbman security and see if there's anything in it that'll help you out.

Good Luck, Mike.



Quote Reply
Re: [micchicken] How to hide source code???? In reply to
You need to get the paths right :)
Quote Reply
Re: [Paul] How to hide source code???? In reply to
I have seen this trick used on various sites before:

http://www.unmelted.com/hide-source-code.html

It completely baffled me. They haven't just hit the return key loads of times. If you hit view->source it should show you the code for the parent of the page, and have the code for the other frames.

eg. If you are on a site and you press view-> source, you will get the source code for index.html or whatever the index happens to be. Then in theory, if the site uses frames, you will get <frame src=..., but, this site just showed <!-- (c) whatever.net, all rights reserved --!>

They removed the protection from their site so I haven't had a chance to get a closer look, at the time, I didn't really think to look any closer, but they definitely didn't use the "new line" trick. I believe I accidently came across the same thing on a tree-view links script. It could have been something like http://www.treeview.net, but i remember there being a file called blank.html, and whatever contents was placed in there showed up when you tried to view the source on the links frame, it is definitely some sort of javascript trick. They also seem to have removed the protection Frown Will have to see if I can find an old version of the script somewhere.