Protecting Your Scripts
You've worked hard on your script, and now it's time to put it on the Web. What can you do to protect it from being used and reused by others? Here are some simple options you can use to protect your work.
Protecting Your Scripts
Make it available to others to copy.
A question often asked is "How can I protect my scripts from being copied/stolen/dissected by others?"
Here's the problem. If you are working with a programming language, such as C++, Java, or Visual Basic, the compiling process—the process that creates the executable or applet—protects your script from prying eyes and inspiration seekers. Figure 1 shows an example of what compiled code looks like.
Figure 1 Compiled code.
So what can you do? Well, before we look at what you can do, let's getsome of the myths out of the way and just run through some of the things thatyou cannot realistically do to your online script.
The same applies to your images too, another common Web commodity that developers would like to protect.
You cannot "password protect" your scripts...unless you make the password available to everyone.
You cannot disable the visitor's ability to download Web pages.
You cannot prevent the visitor from looking at the source of your pages (there are ways to override the right-click that gives access to the "view source" option by using script but this is unreliable—to begin with there is a "view source" on the menu too! Figure 3 shows you an alternative way to access view source.
Figure 3 An alternative way to access view source.
So, what can you do? Here are some ideas that can help you protect your intellectual property on the Web.
Don't Put It on the Web
This is the number one rule for anything on the Web...if you want to keep it absolutely safe, keep it off the Web. This might seem rather harsh, but it is realistic and is the only guaranteed way to keep your stuff safe!
Go for Java
Go for Flash
Add the Artist's Signature to Your Work
There are three good places to place this notice:
At the beginning
At the end
In the stream of the code
A notice (or notices at regular intervals if the code is long) in the stream of the code makes a great deal of sense because it is harder to spot and makes removing them all more difficult.
Here is an example of all three forms in action:
Adding all three to such a short script might be overkill, but if your scripts are reasonably long, it makes more sense.
Use Absolute URLs in Your Scripts
Whenever you need to use URLs in your scripts, you can make them harder to "remodify" for use on other sites by making all the URLs it contains absolute URLS. So instead of using image1.gif, use http://www.yourURL.com/image1.gif. This will slow down anyone looking for "inspiration."
Place your script or scripts into one (or more) external script file. This is still a plain text file, and it is still subject to the same vulnerabilities as the other forms—but they are harder to read, follow and modify. The more you use (within reason), the better the protection will be.
Make Your Script Hard to Follow
Why comment a script on the Web? Who are those comments for? Strip out the comments (apart from the notices mentioned earlier) from your scripts before making them live—you can always keep a commented copy for your own use.
Encode Your Scripts
If you are creating script for an Internet-Explorer-5-or-later-only target audience, you can use the new Microsoft Script Encoder to encode your scripts and hide them from prying eyes.
The Windows Script Encoder allows you to encode any scripts that you might have in HTML pages, ASP pages, and Windows Script Host files so that it is difficult for users to read your code. Note the word difficult—not imposst—it's not foolproof, and there are crackers out there for it.
You can download the script encoder from http://msdn.microsoft.com/scripting/vbscript/download/vbsdown.htm.
Using the script encoder, which is a command line program, you can turn it into the following script:
Into this encrypted script shown below:
<html> <head> <title>Test Page</title> <script language="JScript.Encode"> /* * Written by Joe Bloggs on 2001/07/20 * youremail@yourURL.com; http://www.yourURL.com */ //**Start Encode**#@~^PgAAAA==@#@&0; mDkW PkOlMYc#@#@&´@#@&lV.YvJ?bh2VPkm.k2OeJbi@#@&8@#@&mA8AAA==^#~@</script> </head> <body onLoad="start()"> </body> </html>
By typing in the following at the Command Prompt (with the Script Encoder installed). See Figure 4.
Figure 4 Command prompt instructions for Script Encoder.
The Script Encoder is really easy to use, you just need to remember to place //**Start Encode** where you want the encoding to start. It's quick and easy to use and is an effective deterrent, but it only works in an Internet Explorer environment, which is a severe limitation indeed.