Hide source code,encrypt html,password protect web site - the basics [Home]

Image Protection - how to use Image Guardian

FAQ - protect html , scripts, PHP, ASP

FAQ - protect images

General settings

Profiles and advanced settings

Encrypt ASP files

Ultra - Strong HTML password protection

Encrypt PHP files

Protect css files [Style Sheets]

File List Manager and Command line reference

Site Manager

Known issues & Troubleshooting

Support

Shortcuts

Hide ASP source code [Standard ASP encryption]

hide asp source code General information [Standard ASP encryption]

By default, HTML Guardian will only encrypt the server-side parts of the code for .asp files.
That's the code enclosed within <% ...... %> delimiters, and it's usually the most important part of the asp file. So it's quite important to

hide asp source code

, or, in other words, to encrypt it so that it can't be reused in other asp projects.
By default, the rest of the code (client-side code) will remain unencrypted, and the code visitors see in their browsers will be unencrypted.
The following is also possible:
You can encrypt client-side html and script code contained in ASP files.
You can encrypt includes, and you can include an encrypted file in another encrypted file
You can use all the additional protection options for .asp files (except password protection).
But HTML Guardian will not do this automatically.
Your files need to be prepared for that or to comply with some requirements. Please carefully read the sections below.


Encrypting client-side html / script code [Standard ASP encryption]

You can encrypt any desired portion of the client-side code in an .asp file (html and / or client-side scripts), but this will not be done automatically. You have to specify which parts of the client-side code to be encrypted by enclosing them within these html comment tags (case sensitive):

<!--hgasp_s -->
... here comes the client-side code you want to be encrypted ...
<!--hgasp_e -->

The code enclosed within these comment tags should be a pure client-side code. It should not contain any server-side code (<% .... %>) or commands (like #INCLUDE) - otherwise client-side code encryption will be aborted (in such case a new entry will be added to the Error Log. No visual alerts will be displayed).
Client-side code can't be encrypted for includes.

There are two methods to encrypt client-side code:

   client-side code is encrypted only in the ASP source - in this case the client-side code will be encrypted in the ASP source, but will not be encrypted in the response ASP server generates and sends back to the browser. So you can't hide ASP source code (or more precisely - you can't hide html source generated by the ASP server) - if the visitors click View-->Source in their browsers, the entire source code they will see will be unencrypted. This option will hide asp code only in the .asp files source, but not in the response generated by the server.
   client-side code is encrypted both in the ASP source and in the response ASP server generates and sends back to the browser. If the visitors click View-->Source in their browsers, the client-side code from the ASP file will be encrypted. Note that the code dynamically generated by the server will appear unencrypted.

You can toggle between the two methods by pressing CTRL + ALT + A keys (this is a temporary change, not remembered after restarting the program). Press F4 at any time to see the current setting. You can permanently change this settings from the General Settings window.
If you want to encrypt only client-side scripts, you may just put them in a separate .js file and encrypt it.
Go back


Encrypting includes [Standard ASP encryption]

It is a common practice to use includes if you want to insert the same piece of code in many files. Normally, you can include any .asp file in any other.
But to ensure proper encryption, HTML Guardian needs to know whether the asp file being encrypted will be used as an include in other files or not.
To mark an .asp file as an include, insert this comment somewhere in it (like at the end of the file):
<!--hgaspinclude -->
ASP files encrypted as includes can't be used as standalone files. ASP files encrypted as standalone files can't be used as includes. If you have a file used both as a standalone and as an include, you should make a second copy of it - then encrypt one copy as an include(with the above comment tag inserted) and the other as a standalone file.
Files with .inc extension are always treated as includes, you do not have to insert this tag in them.

Client-side code can't be encrypted for includes.
Additional protection options can't be used for includes.
Note: Only encrypted .asp files can use encrypted includes. A non-encrypted .asp file that uses an encrypted include will most likely not work. An encrypted .asp file may use encrypted or non-encrypted includes, or both types together.
Go back

Using the additional encryption options for .ASP files [Standard ASP encryption]

You can use all additional protection options that HTML Guardian provides for .asp files, except the password protection option. The following should be observed:

- The .asp file should have <HEAD> and </HEAD> tags.
These tags should NOT be a part of the server-side code (they should NOT be between <% .... %> delimiters).
These tags should NOT be a part of code marked for client-side code encryption (they should NOT be between <!--hgasp_s --> .... <!--hgasp_e --> tags).

Below are some examples:

Incorrect
Incorrect
Correct
.....
<%
...........
Response.Write("<HEAD>")
...........
%>
.......
.....
<!--hgasp_s -->
<HEAD>
............
</HEAD>
<!--hgasp_e -->
.....
......
<HEAD>
<!--hgasp_s -->
..some client-side code..
<!--hgasp_e -->
<%
..some server-side code..
%>
<!--hgasp_s -->
..some client-side code..
<!--hgasp_e -->
</HEAD>
........
Here the <HEAD> tag is a part
of the server-side code
Here the <HEAD> and </HEAD> tags are marked for client-side code encryption


- The opening <HEAD> tag should look this way: <HEAD> (case doesn't matter)
There should be no additional information in it, like <HEAD id="abc">. In case you need to add something to the opening <HEAD> tag, you should do this after the encryption.

- if your .asp file does not start with @LANGUAGE directive, like
<%@ LANGUAGE = VBScript %> or <%@ LANGUAGE = JScript %>
, HTML Guardian will assume the scripting language is VBScript. In some rare cases the asp server where your site is hosted may be configured to use JScript as a default scripting language. If this is the case, you should insert <%@ LANGUAGE = JScript %> at the very beginning of each .asp file you want to protect (this should be the first line of code).

Additional protection options can't be used for includes.
Go back

What "Not Encrypted" message means?
This is not an error message. In HTML Guardian Personal edition there is a limit for the file size of the .asp files that can be encrypted (when using the Standard ASP encryption). If the file being encrypted exceeds this limit, the 'Not encrypted' message appears. In Professional & Enterprise edition this limitation is removed. You can hide asp source code (encrypt asp source) for any .asp file, no matter of its size.
Go back


Go back Next

   © 1997-2005, ProtWare Inc. All rights reserved.