OT: Web page source code

Jose Lerebours fp at fpgroups.com
Tue Aug 12 10:46:16 PDT 2008


Mark while flying high dropped us a posting:

>> 
>> There are some products that claim to compile your HTML thus
>> protecting it from prying eye - Just google "compile HTML" and
>> peruse through the results.
>
>What are you on, Jose? You want to look at 'encrypt html', not compile.
>The compilers will do things like make .chm files for eBooks, or standalone
>executables--not make something usable on the web.

The original poster does not go into detail of what exactly he intends
to 
do, so the possibility that one of these products will serve his purpose
exists.  I think they do more than creating a CHM but I am not going to
argue with that ... since it is also possible that that is all they do.

I did say "claim to" and mearely suggested he looks at those options and

made no emphasis that these are an absolute solution.

>> That said, if you are concerned about your HTML code, I say STOP writing
>> web pages and stick to filePro. Your true concern should lie on you
>> server side scripting or your CGI scripts. HTML is nothing anyone would
>> be interested. Except of course for the very newbies that have no clue
>> and even then they are likely to take advantage of pages written by pros
>> (since you are using front page 2K2, hints me you are not a pro - no
>> offense intended).
>>
>> In the other hand, if you are worried because you are posting hidden
>> fields and are concerned about revealing this content, you are then using
>> the wrong approach.
>
>And again, what are you on? There's nothing inherently wrong with CGI.
>A -properly- designed application need not divulge any field information
>than necessary--use sessioning and transfer only the fields you absolutely
>need to come from the client side, keeping the rest on the server side to
>be looked up via the session ID you transfer back and forth. As for data
>security in general, that's what SSL is for.

I did not say that there was anything wrong with CGI.  I simply stated 
that no one should be concerned with the rendered HTML code.

>Just -don't- use fPCGI. THAT would be a security nightmare unless you get
>well away from their default configuration.
>

I would not know about that, I have never use it nor intent to ever use
it.
Of course, if a project comes alone where IT is the tool to use, then I
will
use it. Given the choice, I rather not.

>>I haven't seen this much fear, uncertainty, and doubt put forth in quite
>>some time, Jose. Geez. Do some research. 

That was not my intend, and if I put fear on you or any other member of
the
list, I sincerely apologize for that.  I was trying to be constructive
and
direct with the hope that the message gets home.

>>And talking about CGI security
>>is really rich from someone that touts PHP--arguably the biggest security
>>nightmare to come forth in the last decade. I got a good laugh out of the
>>irony, thanks.

I love it when people mock PHP.  PHP itself is not any worst than Perl,
Python, ASP, JSP, or any CGI tool available out there.  I really believe

that how the applications are written is what defines their structure
integrity or lack there of.

I am very comfortable with PHP.  In all the years I've been writing
code, if 
I dropped a language or tool just because I heard it was problematic, I
would
have never worked in this industry.  Imagine what would have even happen
with
filePro if we ever pay any attention to that kind of talk ...

Any way, we are all entitled to our opinion and I humbly respect yours.

Regards,


--
Jose Lerebours
http://www.fpgroups.com
954-559-7186
filePro + PHP Solution Developer






More information about the Filepro-list mailing list