Jump to content
deepentim

Encrypt assest file

Recommended Posts

Can we encrypt CSS files or images? I want to hide location of my site files when user tracks source of my website. Please help.

Share this post


Link to post
Share on other sites

There's FieldtypeSecureFile, which allows you to store files off the webserver root directory and therefore denying direct access to the file. You can then serve the file through your php code, which can check your rules for allowing access to it, before sending anything. I just want to emphasis, that this will need good configuration of the webserver and returned header data, otherwise you'll considerable increase the load on your webserver as content served this way is essentially not server-side cacheable as well as loading php for static files does need more computation. Client side caching can work, but depends on how fast you want to be able to revoke access again. 

I'll just add this part, because you didn't add a specific intend in your post: You shouldn't and really can't encrypt / hide content for unauthenticated users. If it needs to be publicly readable / accessable on your website then it's public no matter what you do. As long as the browser needs to have unauthenticated access everyone else has access, too.

  • Like 3

Share this post


Link to post
Share on other sites

@Martijn I want to hide or  location of css file and images when user inspect source of my website. I can do it with October CMS. Can we do with PW?

Share this post


Link to post
Share on other sites

Maybe it's possible with Javascript to disable the inspector. Or with some hacky script the disables the rendering of the rendered source. Maybe you could disable the context click to the inspector. All the things you try, would be hacky. But you can't insure the the user can't see the source. Then there's always the raw source that you can get from the browser. This is just the nature of webbrowsers and has nothing to do with CMS.

You can prevent hotlinking on the other side.

Share this post


Link to post
Share on other sites

If it hides well there's no example to show :)

  • Like 5

Share this post


Link to post
Share on other sites

True, but a hidden css file cannot power a public website because – well – it's hidden. That's why I asked for specifics. 

  • Like 3

Share this post


Link to post
Share on other sites

If it hides well there's no example to show :)

:-)

A link to a documentation would suffice. Google throws up this one. Don't know if it is the same thing...

Share this post


Link to post
Share on other sites

I mean to say, I wanna compile assets of my websites so that when user inspects website, CSS files and images wont be shown from direct location. i.e path should be compiled like MD5.

Share this post


Link to post
Share on other sites

I mean to say, I wanna compile assets of my websites so that when user inspects website, CSS files and images wont be shown from direct location. i.e path should be compiled like MD5.

And if the path is hashed, how should the browser find the CSS file? Can you please provide a link to a description of this feature from October CMS? 

  • Like 1

Share this post


Link to post
Share on other sites

Perhaps temporary, one-time-only hashes?

Apart from making it impossible to continuously re-use your resources on other sites this makes very little sense to me: in order to use those resources the browser needs to download them and at that point there's no reason to hide them, since the user already has them. In other words this would make your site eat an awful amount of resources for very little actual benefit and it would make caching almost impossible.

On the other hand, if you really just want hashed URLs, and they don't need to be one-time, check out the AIOM+ module. It does some of what you've asked here out of the box, i.e. provides hash-style URLs for CSS and JavaScript resources. It does introduce some additional benefits speed-wise too, so it's not a bad idea to check it out either way.

  • Like 2

Share this post


Link to post
Share on other sites

To my knowledge, there is no means to encrypt the CSS file once it is on the internet. I have inquired about this to the cyber security solutions NCI, 1 year before for my website. If you do anything to hide from users, it would hide from web browsers too. Better to seek the help of some experts in the field.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...