|Author : DAOUDI Samir | Context : MSc Software Engineering – Internet Programming
Internet is a wide interconnexion of different networks and servers working all together to provide user with the required information quickly and easily. The basic element composing Internet is a web page, which is the elementary object that can be interpreted by web browsers. The principle is quite different from the classic applications (WinForms) that were compiled and executed by processor (Burnett & Foster, 2004).
A web page has in general HTML code that can be interepreted by browser, the interpretation process can be widely described as the fact of reading throw the document source and rendering it in the screen. Hence, in general the majority of web pages’ source code can be easily viewed by any user.
Web browsers include functions for easily view the source code of a web page (or it’s rendition in case of dynamic web page) by simply clicking in a menu. This feature might be in majority of situation helpful especially in case of web developers curious about how to develop or design a part of the site. I personally used this approach for long time to learn how to create some specific parts of web sites and it was very instructive and helpful for me. However, sometimes the efforts made by some web developers are important and protecting such code became mandatory.
Why protecting code ?
Different reasons might conduct the web developers or companies to protect their code from illegal access and use. Some of the important reasons are :
– The great effort made in creating this code.
– The critical aspect of the code (parts of the code might contain sensitive information as connections’ details and other that should never be available for everyone).
– The financial aspect of the web site : Web sites might propose some web content like flash template, some specific functionnalities as e-commerce platforms …etc. and their entire business is based upon these services, so it is really critical for them to secure and hide the code of these features.
– Innovation : The code might be considered as an innovation and company’s concurrent have not yet built such feature, hence, it is important to protect this code.
How to protect web page and functionnalitites codes?
Here are a list of some important technics that we can use in order to secure and minimize the hacking and stealling content chances:
1. Copyright Notice: In many countries (UK, US and EU) any web site is protected without an official copyright notice. In other nations, the official copyright notice is required. So in general, the copyrigh notice is added in the bottom of the page, in addition to that, we can use the copyright metatag <meta name=”copyright” content=”(c) 2012 Your Company” />. Comments can also be added to the code with the copyright message <!– Copyright 2012 Your Company –>.
2. Protecting the different pages and folders : Checking that the permissions of site’s folders are correctly configured and checking the access logs regularly for any attempts of hack are some of the best pratices that should be followed regularly.
3. Robots.txt file: If we need to ban some robots or some countries from acessing our web sites and hence, reduce the bandwidth.
4. .Htaccess file: Some countries have deserved reputation of fraud and content theft. So for certain companies, there is no sales potential in this countries. In addition visitors refered from web sites that list cracks and serial numbers for example would not be appreciated in sofware companies’ web site. It makes sense to ban all these visitors and avoid wasting bandwidth with them.
The web servers follow instructions in .htaccess files which can be placed in any directory and can be used to :
– Password protect folders
– Ban specific web robots
– Ban visitors with specific IP addresses and countries
– Allow users with specific IP addresses
– Stop directory listings
– Ban specific download software
– Redirect visitors to other web pages and web sites.
5. Index.htm: Another best practice, is to put index.htm or index.html file in each folder of the web site to avoid thieves from viewing other files located in the directory
6. With PHP: When using Content Management Systems (as joomla) or board systems like phpBB, it is recommended to change the default settings for example set display_error to 0 (as the error messages can give many critical information to hackers
7. Scripts: It is also recommended to check regularly the security of scripts used in our web site. Verifying this can be simply by searching any fixes or safe alternative or patches. We should also rename any common scripts before installing them.
8. HTML Encryption: The HTML page can be scambled. Using a script which is added to the beginning, the code can be unscrambled so the web browser can display the content. If a user tries to view the source, he/she will be able to see the scrambled version. The only issue with this approache is that seach engines won’t be able to read the content of the web page (Jepson,2010).
To conlcude, I would state that different technics exist, each one suit specific situation and specific requirement. However, these technics cannot guarantee 100% of safety. One way to increase the security level is to combine different techincs together and keep up to date.
Terry Jepson (2010). Protecting your Web Site . Available online at : http://www.wiscocomputing.com/articles/protect_web_sites.htm
Mark Burnett, James C. Foster (2004) . Hacking the Code: ASP.Net Web Application Security. ISBN: 1-932266-65-8.