How to hide source code from public view in php, asp.net and with javascript.
I have seen many CMS and other website that source is hidden from public
view, like wordpress config.php, whmcs configuration.php, and more
files are hidden, but inside it have code but when we check in browser
view source it display none.
How to do like this in php and asp.net or with javascript.
PHP code is processed server side - it has no view-source.
*however, sensitive files should be outside the root so if the engine goes down they can’t be viewed as plain text,
ASP is compiled server side - it has now view-source
JavaScript can be obfuscated and minified, but IMHO it isn’t worth the bother
config doesn’t produce any output. (well, except maybe whitespace)
install is in the admin folder so you need to be logged in as Admin.
license .txt is not meant to be hidden, it is the
GNU GENERAL PUBLIC LICENSE
If you don’t see it, it may have been deleted.
PHP is a server-side technology, PHP source code stored and executed on the server, so in browser you can see only results produced by that code. But HTML and JS are client-side technologies. That means HTML and JS source code stored and executed in browser, so you can see it.
I don’t know what you mean by hiding the file. In WordPress, it is a security measure that you don’t install your files in a folder that’s called “blog” or “wp” or “wordpress” because you’d be making a bit easier for a hacker to get into your WordPress installation. So you can ofuscate your installation by renaming the main folder where WordPress installs to something crazy like “Ilovedoingmyblogging” and then use your .htaccess file so the url doesn’t shows the name of the folder.
As people have said above, there’s no need to find a way to hide your PHP code because end users will never see it. It’s executed on the server, not in the browser, so all the user sees is the result of your echo() statements.
I think OP is talking about encoding it with eval or unescape so that the source code itself is in Javascript making it a little harder for someone to read unless they know to decode it using eval or unescape. I’ve seen a few source codes that do that, but they actually use other encodes as well which makes it more difficult to read.
In this case, it’s not a PHP problem, but it’s a Javascript problem.
A two line JavaScript can easily convert anything like that back into readable text. The Netscape 6 browser did it automatically without even needing the two lines of JavaScript. With a userscript you can have your browser add a “source” link to all web pages that will provide you with the actual HTML and CSS that the browser is using to display the page regardless of what obfuscation was used to send it to the browser.
Developer tools (now available in all modern browsers) can also allow you to see the unobfuscated content of the page
There is nothing that you can do to the HTML or CSS in a public web page that will block anyone from being able to read the unobfuscated source unless they don’t have JavaScript available in which case they will not be able to view the page at all. Browsers provide multiple waus to unobfuscate any HTML or CSS regardless of how it was loaded into the browser from the server.
This is not a JavaScript problem - is is a web page owner problem - trying to do something that can’t be done on the web.
Right. I never knew that. Pretty interesting then. I just thought it was some sort of technique that people use because on one site, the Javascript looks broken up. Then encoded with some sort of number because when I tried to decode it, the numbers meant a certain letter. It was a mix match of like unescape and some other encoding because it didn’t make any sense.
I think i read somewhere before… if your hosting support “cloudflare”, that company have an app that can protect source code. Maybe you can do little research about it. Hopefully you’ll find what you’re looking for. Thanks
Only server side code can be protected - anything loaded into the browser can be decoded using the browser - if it can’t then the browser will be unable to display it.