Concealing the Page Name (part one)

So you don't want people to be able to tell what your individual pages are called and want to restrict the way that people access your pages? Well this page and the one following are an actual example of how to do it (and also shows how anyone can relatively easily bypass such restrictions if they really want to).

The name of this page does not appear in the address bar because the page name of the page you are reading is not index.html and it's not even in the 'hidden' directory. The reason that you can't see the name of this page is because this page is inside of a frameset (which is called index.html).

This doesn't look like its a frame page because there is in fact only one frame within the page. You can look at the source code for the single page frame definition by selecting 'view/source' from the menu bar of your browser. From this you can find out the name of this page. By placing all of your pages within a single frame frameset, you can avoid displaying the name of each page within the address bar.

Normally in this situation, you can easily access the source code for the individual frame within the frameset by right clicking and selecting 'view source' from that menu. You probably cannot do that on this page because I have included oncontextmenu='return false;' in the body tag which completely blocks access to the context menu both from the right mouse button and the keyboard in both Internet Explorer and Netscape (much more effective than using a no right click script). I apologize to those who rely on the context menu for site navigation for any inconvenience. Of course, if you know what you are doing you can still access the source code from the copy that has been made on your computer by the browser so while the source of this page is concealed, it can still be accessed by someone who knows what they are doing even if they are using Internet Explorer or Netscape as their browser.

For those using Internet Explorer, disabling the context menu on this page also means that they cannot right click any of the images on the page to save them on their computer. Anyone can however still access copies of the pictures on their computer if they know where to look or use a different browser.

To ensure that this page cannot be displayed separately (outside of its frameset) I have also included the following javascript (which does work with all browsers - assuming that they support javascript).

if (window.location == top.location) top.location.href = "index.html";

This JavaScript will force the page to be displayed within the frameset even if you did type the actual page name into the address bar. Also if you were able to figure out the name of the second page and tried to load that the first page would still be the one to load.

Of course the person viewing your page can always disable javascript in their browser which would allow them to load this page outside of the frameset. You can discourage that by generating the actual page content using document.write statements in javascript so that with javascript disabled the page content does not appear. This doesn't stop the page content being accessed with javascript disabled, it just makes it more difficult.

To better illustrate the effect of hiding the page names of the pages being displayed, I will continue this discussion on another page. In this case the link to the next page is a straightforward link and the text is included in the page rather than being generated by javascript. If a server-side script were substituted then it would not be possible to find the name of this next page by accessing the source of this one.

Continued on next Page

go to top

FaceBook Follow
Twitter Follow