Sneaky source protection

[jez]

Hi there,
This is a question that i am sure many people have wondered about.

I work on lots of scripts and bits of code that end up on the internet, usually I put my name and the date in comments at the top....only saying I have written it, nothing that could be a problem legally (i.e. re-ownership), just like a painter signs their work.

However I have recently come across someone ripping my code and claiming it as their own (and it was my last boss!!).

To combat this I wrote a subroutine that lives in the common.sub library I have for all the common subroutines used on that site.
Basically having elsewhere converted a little 'written by Jez' to ASCII, the subroutine converts it back and prints it at the bottom of each dynamic page my scripts generate, but in the same color as the background so it only shows under highlight (and only i know to highlight).

This works quite nicely and is almost like the watermark effect on bank notes, but there is a problem.
The true (de-ASCII'd) writing is plain to see in the HTML source (as generated by my scripts), but then of course finding the source in my code is harder.

Is there any way to hide code in HTML or do i have to live with this.

Also I would welcome opinion on this and whether there is better ways to do it. Or even whether I should be doing this kind of thing atall. - should I just be happy in the knowledge that I could re-write any scripts I've written and the code-theif couldn't?

Cheers

Jez

;-)

 

[tsdragon]

There isn't any way I know of to hide things in html, unless you use a javascript function to decode and print it.

How was the thief able to get his hands on your code anyway? Usually there isn't any way to get at server-side code unless you have ftp or telnet access to the cgi directory.

Either way, I guess there's not much you can do about it except put up with it. Especially since it was your boss. Tracy Dryden
tracy@bydisn.com

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard.

 

[MikeLacey]

<wry smile> take is as a compliment... I guess Mike
michael.j.lacey@ntlworld.com
Email welcome if you're in a hurry or something -- but post in tek-tips as well please, and I will post my reply here as well.

 

[rycamor]

A friend of mine digitally signs many of of his Perl and PHP scripts in a clever way: if you call the script from the browser and append a certain variable on the query string (filename.cgi?fribble, or something like that), then it outputs a string into the HTML document, saying who the author is. It wouldn't be too difficult to encode this string in your script, and bury the function somewhere, so that anyone ripping you off would have to spend some time figuring out what you were doing.

Fur a fun way to confuse someone reading the HTML source, just use the HTML Coded Character Set (

http://www.w3.org/MarkUp/html-spec/html-spec_13.html).

Letters will just look like &quot;&#65;&quot; to anyone reading HTML source, but it will show up as normal text in the browser.

 

[rycamor]

Actually, The letter above was supposed to look like the & symbol, followed by a hash &quot;#&quot;, followed by the number 65, followed by a semicolon &quot;;&quot;, but the Tek-Tips parser faithfully translated it for me ;-).

 

[jez]

The source theif, (she) did have root access as she was on the same project, but not as a developer. And it wasn't too serious as the people who counted, (from my point of view) knew the score, and the scripts were fairly basic.
But it got me thinking on the whole idea of putting a signature on stuff, just to show up anyone who does try to rip it.
In general I like the IT industry because when it comes to it, if you say you can do something, people generally expect you to do it so you can only exaggerate so much.
Most other industries are based on how much you can exagerate and mislead people and thats crap.

Cheers for your opinion, I guess at the end of the day it's just a compliment, but when I perfect a workable, effective, simple, digital encryption signature copyright protector, application. I let you know ;-)


Jez
;-)

 

[jez]

Yeah I just checked the list, and I figured that was what must have happened...good idea though!

 

[kempis555]

I don't think the text having the same color as the background color is a good idea. An image used as the background would make the watermark show up.

There is the comment tag in HTML that you can use: <! this code iz by me>

Would that work?

 

[jez]

I agree about the background image, and this whole issue of putting your name in the source is fraught with possible issues. As for the comments, that was my original method of doing this, only to find that the comments with my name in being deleted later.

I have thought more about this and the suggestion of adding a parameter to show author info is what I'll go with (thanks to rycamor), because I don't want to effect the normal running or use of my scripts, and having people accidentally highlight this kind of stuff may get me in trouble, depending on which site it's on (i.e. commercial or non-commercial).

But knowing to call a parameter with the script i.e.

http://www.mysite.com/cgi-bin/myscipt.cgi?auth=1

is a very subtle and effective way of doing this, also though I thought i would use the ascii conversion trick and the coded HTML characters aswell, just for good measure.

Like I said, at the moment this hasn't gone far enough to be anything more than a bit of annoyance, so my efforts in 'signing' my stuff are just for fun / gen interest.

If anyone wants to see the source once I'm done, post a request here or email me...jmanse@hotmail.com