Password protect html,encrypt source,hide html code - the basics [Home]

Image Protection - how to use Image Guardian

FAQ - protect html , scripts, PHP, ASP

FAQ - protect web images

Encrypt ASP files

Ultra - Strong HTML password protection

Protect website source code.Password protection [FAQ]


Can I password protect html files ? How secure is html password protection?
Yes. There are two types of password protection available - Basic and Ultra-Strong.
To use the Basic protection, just check 'Password protect this page' box, and in the password configuration window set the password and the action in case the visitor enters an incorrect password. Of course, this is not a PGP sort of protection :) , so don't use this feature to protect highly sensitive information.
However, it is practically impossible to extract the password from the encrypted file, especially if you use the alternative encryption method(for IE 5+ only).

If you need to password protect a highly sensitive information in an extremely secure way, you have to use the Ultra-Strong password protection. How to do this is explained here.
Go Back


Can I encrypt ASP files?

Yes. HTML Guardian provides two encryption methods for .ASP files - Standard and Enhanced. A comparison between them you can read in the "Protecting ASP files" section of the Help file. In Standard mode, by default HTML Guardian will only encrypt the server-side parts of the code for .asp files, but you can encrypt parts of the client-side html and script code as well.
Server-side code is not visible to the web site visitors if they view the page source or save the .asp file to disk. But it is what takes most of the time and efforts when you develop asp solutions. So this option can be very useful if you need to give the asp source to some third parties - they can test what you've done on their server, but can't steal your source. In general, it is a good idea to encrypt .asp files even if you don't give them to anyone - this will protect your work if someone for example knows your password and can have ftp access to your server. There are also several bugs in Microsoft's asp server that make possible a knowledgable person to retrieve the real source code of your .asp files if the asp server security is not well configured. In most cases the asp server configuration is done by somebody else and you can't know if it's vulnerable to such attempts - so it's always better to protect your asp source code.
In Enhanced mode, HTML Guardian encrypts asp files and the client side code in the server's response entirely. Some other features are also only available in Enhanced mode.
Password protection is not available for .asp files in the current version of the program.
Go Back


Which protection method I should use? What's the difference?
If you use the default method (for 'All' browsers), the encrypted files will work in all the available browsers. If you use the alternative method for IE5+ only, encrypted files will be properly displayed only in Internet Explorer 5.0 or higher.
The default method uses standard javascript for encryption. The alternative method uses some features available in Internet Explorer 5.0 or higher only.
The alternative encryption method for IE5+ is faster and more secure, it is practically impossible to be cracked. Many web designers create a separate version of their sites for each browser. In this case you can encrypt the IE version of your site using the alternative method, and use the default method for others. The alternative method can be also used if you create files for internal use, because IE is the standard browser for almost all organizations. It's also suitable if you create files which will be used offline, like e-books or manuals in html or chm format.
We suggest that you use HTML Guardian's Site Manager. It will encrypt your site(or any set of files that reside in one folder) both for 'All' and 'IE5+' browsers and will generate a file which will redirect the visitors to the appropriate encrypted version of your files depending on the browser used. This way people that use IE 5 or higher(now about 95 % of all web users) will see the files encrypted for IE 5+ browsers, and the rest will see the files encrypted with the default method (for 'All' browsers).
Go Back


Do I need to use all protection options available? What's the recommended set of options?
Of course, you don't have to use all options together. Some of them we added in HTML Guardian because they were requested by our corporate customers, and are not always needed. There is no recommended set of options, use those you find appropriate. However, we suggest that you always disable right click for html files.
Go Back


I don't want my site to be visited with certain browsers. Is it possible to deny access to my site if it is visited with certain browsers?
Yes, you can. You should create a browser detection script for that. The best way is to put this script in a separate .js file, let's say brwsr_detect.js
Then you should add a reference to this script in each of your html files like this
<script src='brwsr_detect.js'></script>
The above line should be included in the HEAD section of all your files for which you want to detect the browser.
Below is a very simple browser detection script( there are much better examples available on the web which can detect the browser build, the OS, the browser support for different plug-ins and many other things):

if(document.all&&!document.getElementById){brwsr='ie4'}; // Internet Explorer 4.x
if(document.all&&document.getElementById){brwsr='ie5'}; // Internet Explorer 5.0 or higher
if(document.layers){brwsr='nn4'}; // Netscape 4.x
if(window.sidebar){brwsr='nn6'}; // Netscape 6.x
if(navigator.userAgent.toLowerCase().indexOf('opera')>=0){brwsr='opera'};
// Opera
// alert(brwsr)


Now let's say you don't want your site to be visited by Opera browsers - you should include a line like this in the script:
if(brwsr=='opera'){document.location='error.htm'};

This will redirect Opera browsers to the error.htm page (you should create it). It may say something like
'This site can't be viewed with your browser. Internet Explorer 5+ or Netscape 6+ is required'
Netscape's 4.x implementation of javascript is awful - the above script may not work in some Netscape 4.x versions. If you don't want your site to be visited by Netscape 4.x browsers, it's better to include this in each page or at least in your main page (not as a .js file but directly in the html source, HEAD section):

<script>if(document.layers){document.location='error.htm'}</script>
Go Back


List of supported file types.
HTML Guardian can directly protect the files of the following types:
*.htm / *.html / *.shtm / *.shtml / *.stn / *.asp / *.js / *.vbs / *.css / *.php/ *.inc (.inc files are always treated as asp includes).
If Image Guardian is enabled, you can also protect the images in the following formats:
*.jpg / *.gif (but not animated gif's) / *.bmp
No other file types are currently supported. HTML Guardian can not directly protect files in a format different than the ones listed above(like .cfm , .jsp, .swf, .png, .wav, .class, .jar, .cab or any other file type that may be used in your website). By encrypting the source code HTML Guardian will make unauthorized copying of most files of unsupported types much harder, but it will not modify them in any way.
Changing the extension of any file of an unsupported type to spoof HTML Guardian is not recommended and may have undesired results.
Note that you can only password protect html / shtml / php files. Files of other types can't be encrypted with a password.HTML Guardian can't protect folders, only files.
Go Back


Go back Next

   © 1997-2005, ProtWare Inc. All rights reserved.