I see some websites allow users download our source include html file, css file, js file ... and almost. I don't want to do this for my website. What should I do? Thank for wathching!
P/S: If you can, please show me this approach with Zend. I'm using Zend 1.9.6.
You cannot restrict the download of resources. The browser needs to download them in order to process them, if you restrict them from being downloaded the browser wont be able to access them as well.
That is impossible. The browser need the source code to display your site, in the same way you can't prevent the user to download an image if you show it to them. The best you can achieve is obfuscate your CSS and Javascript to a hard to read scrambled code, using YUICompressor, for example. But someone determined will always be able to decipher your code logic...
As said its impossible to hide js or css files but what you can do is minify(compress) them which will make it harder to interpret by user and making your site load faster at the same time .
Check this implementation of minfy library with ZF , it provides css,js view helpers to automate the compression .
http://hobodave.com/2010/01/17/bundle-phu-compress-your-js-css-in-zend-framework/
If their browser can't read your HTML, how can it display your page?
They won't be able to read your PHP (assuming that your server is set up to parse PHP correctly), but they will always be able to read the HTML output.
Related
I want to make a system that lets the user fill in a form where he specifies a database name, and uploads a background picture.
Then, I want to create a swf file with the background picture and an urlrequest from a template swf file.
The only problem is, I don't think there is a way to make an swf file without doing it manually, anyone knows a way to achieve this?
Just to be clear, I know how to make everything except how to output an swf file manually.
I have a little bit of difficulty with formulating my question, so feel free to ask for additional information. :)
Basically i'm looking for a server side as3 compiler.
quick google for "server side SWF generation" gave me this link (among others) also I'm sure there is a class to create SWF same as there is to generate PDF's from within SWF's.
Currently working on an offshoot of the idea more adequately addressed here.
Creating a Secure File Hosting Server for PDFs
I'm developing a secure PDF hosting website where certain users can download certain PDF's that I have stored outside of the webroot to prevent people from accessing documents they shouldn't access.
I've got the download working using the first solution, but I want to implement a 'view/preview' feature too. I still don't get content headers as well as I should but I believe what is causing the bulk of my issues is I can't put a 'src' attribute on the embed/object/iframe/whatever. And that's kind of the point of the system.
My question is, is there any way to feed a file (as opposed to a url) to an embed/object? I would like to keep my current system and I'm going for simplicity at the moment so the easier the better.
I saw Recommended way to embed PDF in HTML? and will probably check out pdf.js if I'm trying something that isn't doable.
I have not yet had the chance to play with pdf.js, but it either that or a flash player of some sort.
Or you rely on the browser to display it has a webpage and you can iframe it, but that's so lame... it would work only for a fraction of you users.
PDF2SWF - convert PDF to SWF ( 1 page = 1 SWF).
Use other SWF (reader) to load SWF pages via XML or something else.
Use $_SESSION to store ID of PDF document which should be served through e.g. /preview (same link for previewing all documents)
Don't serve original PDF, put a watermark, or make them low-res.
Otherwise, your PDF will never be "secure".
http://www.swftools.org/
Hi,
I download a large amount of files for data mining. I used to use PHP for this purpose but I am finding it to be too slow. Also I just want a small part of the web page. I want to achieve two things
Curl should be able to utilize all my download bandwidth
Is there any way to download only a part of the web page where my data resides.
I am not confined to PHP. If curl works better in terminal I would use that.
Yes, you can download only a part of the page by using the CURLOPT_RANGE option, and you can also provide a write callback function that simply returns an error when you've received "enough" data and you want to stop and move on.
Are you downloading HTML? Your comment leads me to believe that you are. If that's the case, simply load up the html with Simple PHP DOM and get only the part that you want. Although, I find it hard to believe that grabbing just the HTML is slowing you down. Are you downloading any files or media as well?
Link : http://simplehtmldom.sourceforge.net/
There is no way to download only part of a page. When you request a URL, the server response is what it is.
Utilize more of your bandwidth by using cURL's ability to make multiple connections at once.
Is there anyway to hide .swf path showing up from webpage?
you can use a php script something like getswf.php?name=flash.swf in your flash tags. Then create getswf.php script to respond with output of flash.swf file, and keep flash.swf file in a directory outside of public directory.
There may be ways to make it difficult to view. However, nothing you do can stop an intelligent adversary from using a tool like Fiddler to monitor web traffic and undo all your obfuscation.
I think this is a fairly pointless exercise. Any resource that gets sent to a browser, be it an image, sound, flash movie, even flv files loaded by the YouTube player, can all be saved to disk fairly easily.
As Justin mentions, Fiddler can achieve this easily.
As others answered it there are ways to do it using your script. If you are looking for a paid option check this out Media Vault.
Hiding the URL to the swf file might be quite a challenge but there are other things you can do if you're wanting to more closely protect the video/data being displayed by the swf.
I'll run through a couple of ideas in the order I think them most obfuscated with the least first. Bare in mind that most of these techniques merely make it harder to get to the information/video rather than making it impossible to obtain.
The main idea most sites tend to follow is that of having the swf as a player and the content in another file somewhere else, usually an flv or mp4 etc.
Add flv location through Javascript
This technique is as basic as it sounds. You have your swf player on the page and pass a new variable too it (such as 'file') with the location to the flv file using Javascript. If you're already loading your content with some kind of JS flash module then all the easier to begin implimenting.
Obfuscating flv location through XML
Another techniqe I've seen used quite recently is that of having an XML document as a paremeter to the swf player and then the flash player itself resolves the URL of the flv from a node in the XML. It's easy to get to the flv URL if you want to but it does make it that little bit harder.
Token access
This technique can be used in conjunction with any of the above two. You basically ensure that your flv files can only be accessed with the use of a special token otherwise the page returns a HTTP error. The token would be understood by the flash player and the server and upon the player making a request for the flv, a token must be included (usuallu the token itself is obfuscated in some way that it cannot be easily mimmicked through a simple GET request).
Domain access
Very similar to the above however in this case, the flv file will only be loaded when the requesting URL is a specific site. All other requests will be denied (such as directly hitting the flv location in your browser.
As stated above, none of these methods make it impossible to get hold of your flash material. If it's on the web (or any network for that matter), it's possibly a target. You'll usually find for most things that making it harder to obtain will deter a lot of those who would otherwise have been privy to downloading your content.
Completely hiding the URL to the swf
If your only criteria is to hide the URL then hiding it behind a URL rewrite is the best option I can think of.
Your swf might be at /location/flash/player.swf?file=summer.flv and then you could do a URL rewrite to something like /vacations/summer2011/.
This way the URL to the swf is completely hidden away and this should satisfy your desire to hide the swf path.
The answer is NO.
You may not want to believe it. but it is a fact. you can do all you like to obfuscate it. but the browser needs to find it. if the browser can find it so can anyone else.
A server side script that acts as a loader will hide the real path to the file, but to what purpose. the end result is the file is still available.
If you want a simple answer, so simple people can't find it then the people here have given you some suggestions. obfuscation is the best you can hope to achieve.
Alternately only allow approved users access to the file. that way they need to log in to get access to it. but if you want it available publicly then its well, public!
DC
We are downloading images to our computers when we open new webpages. For example: If a webpage has an image(image.jpg), our computer downloads it while we are surfing that page.
Some webpages are using ajax methods. For example: You don't see an image on the page's source codes, however your computer downloads an image. Because, if you click a link on that page, ajax will be showing that image...
Let me show an example:
<div id="ajax_will_load_image_here"></div>
Okay, how can php curl see (or download) that image? Curl can't see that image when I try to use preg_match function. Actually there is an image. I want to download that image by using php curl. Any advice?
If i understand the question correctly there is no convinient way of doing that.
Your crawler/spider would have to parse the website and evaluate javascript.
There are libraries for that but support is very limited.
There are however methods where an actual browser is used to evaulate the page (without displaying it but setting proper environment variables like resolution etc).
Then the generated source including javascript dom modifications is available.
This is for example how the google search previews are generated.
But if you require user interaction it gets pretty specific and complicated.
I am sorry to dissapoint you, but using curl and preg metch the old school way we used to when javascript was not yet so common wont work.
However for most legit use cases this is more than sufficient and websites are today more and more designed to be non-javascript compliant. Especially the content for crawling purposes. It is a must in search engine optimization, and which website doesnt want that?