Recently I did some web design work for a person. I continued to show him progress by giving him a link to his new site on my development server. Nearing the end of completion, he dropped all contact with me and I was completely unable to get a hold of him. I took a look at his site recently, and he mixed a combination of his old site, with the new one I was creating. I thought maybe he redesigned it himself after looking at my version, however a quick look at his source code shows that the parts I recognized were full out just copied by viewing the source code on my dev server. So he completely stiffed me and I received no payment from him.
Just wondering if there's anyway to prevent that in the future?
My first thought was obfuscation, but a quick search shows that doing that to html is not recommended and not foolproof anyway.
Obviously this is a lesson learned for me to get some sort of up front payment first, but being able to prevent work from being so easily stolen in the future would be nice.
Are there any developers that have come across similar issues? How do you show someone the progress of your work without giving them plain as day access to your source?
IMHO a good way would be presentations e.g. with TeamViewer or a similar software when you cannot go to your customer.
You could also provide screenshots or a basic remote access with vnc or so, where you customer can see but not touch the site.
The other answers here are just a set of hacks that can be undone.
The client side, HTML, CSS, and JS is made up of all open source technologies. While you could spend a lot of time trying to obfuscate your client side code, your best bet is just to practice better business logic.
The options open up widely on protections for server side code but your question seems to focus on client side code.
For well established trustworthy clients I am much more flexible but new clients I am super careful with. I demand progressive payments. For each deliverable there is a payment involved. That way if the relationship is ever severed both parties have what they want.
When you make yourself an easy mark for scammers you only attract scammers.
What you could do, is use HTML Image Maps with screenshots to create a basic, interactive version of the final product.
Use a website that have an escrow service, or an escrow-like service, where the employer pays all the money upfront to the website, and it will only be released to the coder after achieving a predefined goal.
Many freelancing websites provides this service.
It's possible to encrypt your source code with javascript. Try this website: http://www.iwebtool.com/html_encrypter I never used this tool myself and I don't know if everything works well, but I think it's worth giving a shot. You can always upload the normal source code after being paid. Also, make sure that you have the right contact information of your client in the future. I also highly recommend using a contract in the future so that your client is legally bonded to pay you. Another possible option is giving your client nothing but a screenshot of the site, but of course your site will become static.
I've built a tool, which really encrypts your JS-sources - no simple obscurity by obfuscation, but good security by encryption.
See how it works here: http://ec2-176-34-64-10.eu-west-1.compute.amazonaws.com/nopro/xscroll - it's a demo only for hiding the script xscroll.js
.
When you inspect the DOM in your client, all you see is: nplreq(url)
for each script you bind into HTML head
.
Encryption and decryption are totally transparent to the browser. It is tested with Firefox, Chrome, Opera, Konqueror, IE8-10, Dolphin and Safari on an Android tablet.
Encryption with AES (Rijndael 256) using one-shot-keys which are negotiated between client and (liblock-)server using Diffie-Hellman.
The sources are securely hidden, and only with really great efforts they may be reached again.
You could either just run the site on your laptop or put the entire site behind a login page that requires a password. You would be able to do live demos, but the client would not have access to the site until you have been paid.
来源:https://stackoverflow.com/questions/14590483/prevent-html-source-code-stealing