HTML Guardian FAQ - Protection issues

Can I encrypt ASP files?
Yes. HTML Guardian provides two encryption methods for .ASP files - Standard and Enhanced. A comparison between them you can read below, and in the "Protecting ASP files" section of the Help file. Note that in Standard mode, HTML Guardian will only encrypt ASP files server-side parts of the code by default.
You can also encrypt client-side code in ASP files, please read the Help file for details.
Server-side code is not visible to the web site visitors if they view the page source or save the asp file to disk. But it is what takes most of the time and efforts when you develop asp solutions. So this option can be very useful if you need to give the asp source to some third parties - they can test what you've done on their server, but can't steal or reuse parts of your encrypted ASP source code. In general, it is a good idea to encrypt asp files even if you don't give them to anyone - this will protect your work if someone for example knows your password and can have ftp access to your server. There are also several bugs in Microsoft's asp server that make possible a knowledgeable person to retrieve the real source code of your .asp files if the asp server is not well configured. In most cases the asp server configuration is done by somebody else and you can't know if it's vulnerable to such attempts - so it's always better to protect your asp source code.
All additional protection options can be used for .asp files, except password protection.
In Enhanced mode, HTML Guardian encrypts asp files and the client side code in the server's response entirely. Some other features are also only available in Enhanced mode.
Note that ASP encryption [Standard] is unlimited only in HTML Guardian Professional / Enterprise Editions. With the Personal edition, only relatively small .asp files can be encrypted when using the Standard mode, for bigger files the 'not encrypted' message will be displayed. In Enhanced mode there is no file size limit, but in Personal and Professional editions the HTML Guardian banner will be inserted in protected files. The Enhanced asp encryption is fully functional only in the Enterprise edition.
A complete comparison between HTML Guardian Personal, Professional and Enterprise editions you can see here.
For a detailed explanation of ASP files encryption, please read the Protecting ASP files section of the Help file.

The table below shows all the differences between the Standard and Enhanced ASP encryption.
[ Note: HTML Guardian treats includes (files included in .asp files with the <!--# include file ..--> or <!--# include virtual ..--> statements) in a slightly different way than other asp files, as explained in the Help file. That's why the features available for includes are separated from the features available for files that are not used as includes) ]

ASP Encryption Type:  
Standard
Enhanced
Features available:
ASP source encryption
Partial - by default, only the server-side parts of the code (enclosed within <% ... %>) are encrypted. Client-side html & script code remains un-encrypted. It is possible to encrypt predefined pieces of pure client-side code - this requires small modifications of the original asp source.
Full - the source code is encrypted entirely - no portion of the code remains unencrypted. Modification of the original source code is not needed.
Using the additional protection options for .asp files
Yes
Yes
Encryption of includes
Partial - only the server-side parts of the code (enclosed within <% ... %>) are encrypted. Client-side html & script code remains un-encrypted.
Full - includes are encrypted entirely - no portion of the code remains unencrypted.
Using the additional protection options for includes
No
Yes
Encrypting ASP server response (the code that the server generates and sends back to the requesting browser)
It is possible to encrypt predefined pieces of pure client-side code in the server's response - this requires small modifications to the original asp source. The parts of the code dynamically generated by the server can not be encrypted in the server's response.
All the client-side code will be encrypted in the server's response. Modification of the original source code is not needed. The parts of the code dynamically generated by the server can not be encrypted in the server's response.
Encrypting ASP server response for includes
No
Yes
ASP code compression
No
Yes
Back to Top

If I encrypt ASP source code, will this affect ASP server performance?
No. We did a lot of tests, including tests where hundreds of encrypted asp files were requested from the server per minute. There was practically no difference in server's performance between tests with encrypted asp files and tests with unencrypted files.
If you encrypt asp code, the resulting decrease in performance will not exceed 1 - 2.5%, which is practically nothing. In most cases, there will be no difference at all.
Back to Top

Can I protect my html code and scripts?
Yes. If you encrypt them, no portion of the code can be reused in another file. It is not possible to identify and extract a part of the code which corresponds to a certain part of the document's visual layout. For example, if you have a table in your page, it is not possible to determine what part of the encrypted code corresponds to that table. Editing encrypted files with HTML editor or in any other way is not possible. Changing even a single character will make the whole file non-working.
Back to Top


Why all the experts recommend HTML Guardian for web site protection? There are so many programs that look similar.
Ask the experts :).
There are really many programs that seem similar to HTML Guardian - but only at first sight.
Actually there are a lot of features unique to HTML Guardian and not available in any other program. The most important of them are:
- strongest protection - HTML Guardian is worldwide recognized as the most secure website protection utility, even all our competitors acknowledge that. Files protected with most of the other similar programs can be deprotected in minutes even by not so knowledgeable users. Files protected with HTML Guardian are known to be the best secured ones.
- error free encryption - HTML Guardian's Code Analyzer ™ engine is unique , there is no similar tool in any other program. It debugs the encrypted code in all major browsers and ensures error-free rendering of the encrypted file in all browsers installed on any operating system. Files protected with other programs very often cause browser or even system crashes - you may have no idea of those problems if the files work OK on your PC, but the result of such problems could be that a lot of people will never visit your site again. Of course HTML Guardian is not bug-free, but Code Analyzer™, encryption and debugging engines knowledge base is updated regularly.
- full web site protection - you can protect almost all types of web files - html, shtml, asp, javascript, vbscript, style sheets, images etc. - no other program can do this. Most of them can only protect html files, with questionable results and / or a very weak degree of protection.
- integrated web site image protection - not available in any other product. No other program ensures full image protection. Actually no other program can really protect images at all. Some have basic functtionality of this sort, but the very low overall security level compromises the protection and renders it useless.
- ultra-strong password protection - not available in any other product. Many similar programs claim they provide secure password protection, but in all cases we tested it was actually very weak and it took several minutes for our cryptography experts to crack it. In fact, in most cases experts were not needed at all - a very basic knowledge on Javascript was enough. Almost all similar programs use elementary algorithms for password protection, most often taken from websites that provide script examples. HTML Guardian provides extremely secure, up to 384 bit key password protection - no other program ensures such level of security, or even a closer level of security.
- asp source code encryption - not available in any other product. There is no other tool available on the market that can protect asp source code in any way. HTML Guardian can also protect client-side code in the asp source.
- standardization - HTML Guardian is already a web standard for intellectual property protection. This may not seem very important for individual users at this time, but will become more and more important in the near future.
- fast support and bug-fixing- all user - reported bugs are usually fixed within 48 - 72 hours. A bug-fixed version is available for download for all users immediately after it is released via the auto-update utility.
- auto-update via the web - check for updates, download and install them automatically from the internet. All the updates we release are immediately available for registered users for free.
- full command-line support - automate HTML Guardian and send commands to it from your own C, C++, Visual Basic etc. programs, scripts or batch files. This feature is used from many software developers.
- advanced batch file processing - encrypt file lists or entire web sites with protection options specified for each file individually. The Site Manager tool allows you to customize the layout of the browser in which the protected site is opened and optionally remove the Address(URL) bar, Menu bar, Toolbar, Status bar. Not available in any other product.
- powerful partial encryption capabilities - in case for some reason you do not want to encrypt the entire file, you can define exactly which parts of the code to be encrypted (or which parts to remain unencrypted). Not available in any other product.
- more than 80 different encryption algorithms - when protecting your files, HTML Guardian uses more than 80 different algorithms. But you do not have to hesitate which one to choose - after examining the source code, the CodeAnalyzer™ engine automatically selects the one that ensures maximum security and best performance.

All the above is just a brief summary of the most important HTML Guardian advantages. There are many others not listed here. Please download HTML Guardian and test it yourself.

Compare HTML Guardian to other tools for website protection
Back to Top

Can I protect my images?
Yes. If you choose to disable the right click in the encrypted file, visitors will not be able to right click and select 'Save image..' from the context menu (this will also disable the IE6 Image Toolbar). If you choose 'Save As' from the 'File' menu in Internet explorer, it will save the html file and all images and other files referenced in it. But if the file is encrypted, images and other files will not be saved.
You may also use the 'Disable Clipboard & Print Screen' option to prevent taking screenshots of your pages.
However, when someone browses your site, all images referenced in html files are first downloaded and then displayed. So all your images are somewhere on visitor's hard drive. They are not stored under their original names, but are still there and someone can find them, although that's not so easy and most internet users don't know how to do that.
For a complete image protection , you have to use Image Guardian - HTML Guardian add-on especially designed for advanced secure image protection. Note that Image Guardian is fully functional only in HTML Guardian Enterprise Edition.
A complete comparison between HTML Guardian Personal, Professional and Enterprise editions you can see here.
Back to Top


Can I disable the Image Toolbar in Internet Explorer 6?
Yes. Selecting 'Disable right click' feature will also disable the Image Toolbar in Internet Explorer 6. But for a complete image protection , you have to use Image Guardian - HTML Guardian add-on especially designed for image protection. Note that Image Guardian is fully functional only in HTML Guardian Enterprise Edition.
A complete comparison between HTML Guardian Personal, Professional and Enterprise editions you can see here.
Back to Top


Can I protect java applets?
You can not protect the java files(.class, .jar, .cab, .zip) with HTML Guardian.
But you don't have to worry about that. Almost all applets has to be configured to work. This is done through parameter tags inside the <applet> tag, i.e. applet configuration is a part of the html code. The applet files are useless if you don't know what parameters to use and what values are acceptable for them, but this info can't be obtained from the encrypted html file. So your applets are safe.
There are also many applets you have to pay for. They usually need some kind of registration number to work, and this number is provided as a parameter inside the <applet> tag - anyone can see it, get the applet files and use them with no problems at all. If you encrypt html files which use the applet, this will be impossible.
Back to Top


Can I protect my links from stealing and leeching?
Yes. You have to check the 'Disable right click' and 'Don't show links in status bar' boxes. This way links can't be copied by using the right click context menu, and link targets will not be visible in browser's status bar when the mouse is over a link. Be careful when using the 'Don't show links in status bar' option - it will suppress your custom status bar messages, if any.
HTML Guardian will also make impossible link leeching. Many programs(such as popular download managers GoZilla and GetRight) can leech all the links from a html document. If for example you have a picture gallery on your site, it's a one minute job to leech the links to all your images with such program. Then someone can directly use your links in another site, this way not only stealing them, but also generating a traffic to your site which you may have to pay.
So HTML Guardian will not only make impossible stealing and leeching of your links, but may also save you money in case you pay for the traffic.
Back to Top


Can I prohibit copying text from my pages?
Yes. Check the 'Disable text selection' box. This will make impossible text to be selected and copied by dragging the mouse, pressing Ctrl+A or clicking 'Select All' either in browser's Edit menu or in right click context menu.
Back to Top


Can I prohibit printing of my pages?
Yes. Check the 'Disable page printing' box.
Note: This will not actually 'disable' printing. If someone tries to print a protected html file, only blank pages will be printed.
Back to Top


Can I encrypt only some parts of the code?
Yes. You need to use the partial encryption option. Since this option is not available in HTML Guardian's main window, many users get confused. HTML Guardian can encrypt either entire file, or only desired parts of it.
If you want to encrypt a part of the code, you have to enclose it within these html comment tags(case sensitive):

<!--htmlgstart -->
... here comes the part of the code you want to encrypt
<!--htmlgstop -->

If you want some part of the code to remain unencrypted, you have to enclose it within these html comment tags(case sensitive):

<!--htmlgskipstart -->
... here comes the part of the code you do not want to encrypt
<!--htmlgskipstop -->

If HTML Guardian founds these tags in the file to be encrypted, it will automatically switch to partial encryption mode, otherwise it will encrypt the entire file. Partial encryption is only possible for html files, and not for script, frameset, .shtml or .asp files. You can encrypt or leave unencrypted as many parts of the code as you wish, but you can't mix both partial encryption methods in one file.
Partial encryption can be very useful sometimes. This way you can edit the unencrypted code without having to reencrypt the file afterwards. Also you can use it for big html files, like 100K or bigger - decoding the encrypted code can be slow for big files if your visitors use slow processors, like 486.
You can also use the partial encryption to skip problematic parts of the code and leave them unencrypted. For example some webpage visit counters code may cause problems - just mark this code to be skipped.
Parts of the code selected for encryption or for skipping should not contain unclosed tags, otherwise in some cases files may not be displayed properly. Example:

Correct
Incorrect
<!--htmlgstart -->
<table>
........
</table>
<!--htmlgstop -->
<!--htmlgstart -->
<table>
........
<!--htmlgstop -->
</table>

For DreamWeaver users, we recommend to use the DreamWeaver encryption add-on to add the partial encryption comment tags. You can get this free add-on from our downloads page.
[DreamWeaver encryption add-on installation info]
Back to Top


Can I encrypt files that use server-side includes (.shtml etc)?
Yes, you can. Note that only the code of the .shtml file itself will be encrypted, the includes will not be. This means parts of the code your visitors see in their browsers will not be encrypted (this is the included code). If you want all the code send to the visitors to be encrypted, you have to encrypt the includes separately.
Back to Top



Can I encrypt cascading style sheets(.css) files?
Yes. Encryption of .css files is explained in HTML Guardian's Help file. If you define the styles within the html file, they will be encrypted as everything else.
Back to Top


Can I protect flash animations?
No. HTML Guardian can't do anything in regard to flash (.swf) files included in your site. It can only make it much harder for your visitors to save the flash files used in your website, but it can not protect them, and will not alter them in any way.
Back to Top


Which protection method I should use? What's the difference?
If you use the default method (for 'All' browsers), the encrypted files will work in all available browsers. If you use the alternative method for IE5+ only, encrypted files will be properly displayed only in Internet Explorer 5.0 or higher.
The default method uses standard javascript for encryption. The alternative method uses some features available in Internet Explorer 5.0 or higher only.
The alternative encryption method for IE5+ is faster and more secure, it is practically impossible to be cracked. Many web designers create a separate version of their sites for each browser. In this case you can encrypt the IE version of your site using the alternative method, and use the default method for others. The alternative method can be also used if you create files for internal use, because IE is the standard browser for almost all organizations. It's also suitable if you create files which will be used offline, like e-books or manuals in html or chm format.
We suggest that you use HTML Guardian's Site Manager. It will encrypt your site(or any set of files that reside in one folder) both for 'All' and 'IE5+' browsers and will generate a file which will redirect the visitors to the appropriate encrypted version of your files depending on the browser used. This way people that use IE 5 or higher(now about 90 % of all web users) will see the files encrypted for IE 5+ browsers, and the rest will see the files encrypted with the default method (for 'All' browsers).

Back to Top


Can I password protect a page? How secure is this?
Yes. There are two types of password protection - Basic and Ultra-Strong.
To use the Basic protection, just check 'Password protect this page' box, and in the password configuration window set the password and the action in case the visitor enters an incorrect password. Of course, this is not a PGP sort of protection :) , so don't use this feature to protect highly sensitive information.
However, it is practically impossible to extract the password from the encrypted file, especially if you use the alternative encryption method(for IE 5+ only).

If you need to protect highly sensitive information in an extremely secure way, you have to use the Ultra-Strong password protection. How to do this is explained here and in much more details in the program's Help file.
Back to Top


What will be encrypted?
For html and frameset files, everything will be encrypted except some parts of the head tag, such as meta tags and title - they will remain unchanged .Of course if you select partial encryption only parts of the code specified by you will be encrypted. Scripts are always entirely encrypted.
Don't use partial encryption to encrypt the page title or meta tags - this will not work, and is not needed in most cases. You can use javascript to do what some meta tags do(like refresh) or to change the page title.
Back to Top


Do I need to use all protection options available? What's the recommended set of options?
Of course, you don't have to use all options together. Some of them we added in HTML Guardian because they were requested by our corporate customers, and are not always needed. There is no recommended set of options, use those you find appropriate. However, we suggest that you always disable right click for html files.
Back to Top


Can I encrypt HTML formatted email messages?
Yes, you can. However, there could be problems if the html file you want to send as an email uses external files(like images, external script files or java applets, or external style sheets). For scripts and style sheets, just include their content in the html code rather than using external files. For images it is harder, the only way to send encrypted html file with images inside is to make the images available on the web. So your IMG tags should look like this before encryption:
<IMG src = "http://www.yourdomain.com/images/picture1.jpg">
This is because of the way external files are handled when you send html formatted mail.
Back to Top


Which file types I can protect with HTML Guardian?
HTML Guardian can directly protect the files of the following types:
*.htm / *.html / *.shtm / *.shtml / *.stn / *.asp / *.js / *.vbs / *.css / *.php / *.inc (.inc files are always treated as asp includes)
If Image Guardian is enabled, you can also protect the images in the following formats:
*.jpg / *.gif (but not animated gif's) / *.bmp / *.png
No other file types are currently supported. HTML Guardian can not directly protect files in a format different than the ones listed above(like .cfm, .jsp, .swf, .png, .wav, .class, .jar, .cab or any other file type that may be used in your website). By encrypting the source code HTML Guardian will make unauthorized copying of most files of unsupported types much harder, however it will not modify them in any way.
Changing the extension of any file of an unsupported type to spoof HTML Guardian is not recommended and may have undesired results.
Back to Top



Go back Next: Beta Testing

   © 1997-2016, ProtWare Inc. All rights reserved.