Can You View Source on This? A study in how to hide web page source code.

This is the mother of all attempts to hide a web page's source code. If you solve it, you'll have defeated almost every trick in the book. When you're done, be sure to read what I really think about the whole affair.

Directions: To solve the puzzle you have to find the secret message embedded in the page's source code. The message starts with the phrase "HIDDEN MESSAGE", so you'll know when you're looking at it.

Clicky here to view the puzzle page...

Here are some ideas for what to do once you find the hidden code: 1) Send me a friendly email with the code attached; 2) Send me a flaming email with a virus attached; 3) Paste the code on your fridge and brag to your kids; 4) Join the Army; 5) Pour yourself a tall, frosty beverage; 6) Go find out how much is inside a tube of toothpaste.

Hidden Source? No Such Thing.

There's actually no way to prevent viewing of web page source code that would come close to meeting even the loosest imaginable security standards. Anybody claiming otherwise is either ignorant or trying to sell you something. Don't buy it. You can obfuscate, you can trick and you can discourage, but you can't hide it.
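Why obfuscation cannot hide page source, shown as an added example that is not code from the original page or its puzzle: whatever is sent must arrive together with its own decoder, so running that decoder the way a browser would returns the plain markup. The shift-and-percent-encode scheme, the sample markup and all function names are assumptions constructed for illustration.

```javascript
// Added illustration; the obfuscation scheme below is a constructed sample,
// not the puzzle page's actual technique.

// "Protect" markup: shift every character code by +1, then percent-encode.
function obfuscate(html) {
  const shifted = Array.from(html, ch => String.fromCharCode(ch.charCodeAt(0) + 1)).join('');
  return encodeURIComponent(shifted);
}

// What the server must actually send: the encoded data AND its decoder,
// because the browser has to turn it back into markup to render anything.
function buildDeliveredScript(html) {
  return [
    'var s = decodeURIComponent("' + obfuscate(html) + '");',
    'var out = "";',
    'for (var i = 0; i < s.length; i++) out += String.fromCharCode(s.charCodeAt(i) - 1);',
    'document.write(out);'
  ].join('\n');
}

// Do what the browser does: run the delivered script against a stand-in
// `document` that records writes instead of rendering them.
// Note: new Function is not a sandbox; only run it on input you built yourself.
function recoverRenderedMarkup(deliveredScript) {
  const written = [];
  const fakeDocument = { write: (...parts) => written.push(parts.join('')) };
  new Function('document', deliveredScript)(fakeDocument);
  return written.join('');
}

// Constructed sample input.
const SAMPLE_HTML = '<p id="note">constructed sample: markup the author wanted hidden</p>';
const delivered = buildDeliveredScript(SAMPLE_HTML);

// The raw response does not contain the readable text, yet the markup the
// browser ends up rendering is recovered in full.
function demo() {
  return {
    visibleInRawSource: delivered.includes('constructed sample'),
    recovered: recoverRenderedMarkup(delivered)
  };
}

console.log(demo());
```

The same reasoning applies to any scheme layered on top: the decoding step has to run on the reader's machine, so anything that must stay private belongs in server-side code that is never sent.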

The Catch-22 of Source Hiding.

Trying to hide source code can get you into trouble. The more obvious the attempt is, the more it attracts the attention of those who tend to look at source code. If sensitive or copyrighted material is protected by these means, it only increases the temptation to have a peek.

What are the techniques?

Most of the techniques I know are used on the puzzle page. My logic goes like this: You learn the techniques by defeating them. You defeat them by solving a puzzle. By solving a puzzle you know that any attempt to hide source code merely presents an interesting challenge to somebody else. I think it's good to learn holistically like that.

Wrapping up the sermon...

For the record, it's my opinion that the practice of hiding web page source code is a misguided effort. I say this for several reasons: 1) The competitive edge of a website lies in its content, not in any particular program or coding style; 2) The web thrives and its designers are successful because we learn from each other's code—this shouldn't be hindered; 3) Because of the way the web inherently is, it is ultimately impossible to prevent a determined person from viewing web page source code. A web designer might better serve himself and his clients if he invested his energy into learning technologies and practices that eliminate the need to hide web page source code, such as server-side programming.

Disagree? Agree? Need faulty investment advice? Contact me.

Fun Facts

The solution. The solution to the puzzle is simple. Most people find the solution in the most difficult possible way, but if you have a high enough level of understanding about client-side web architecture, the solution stares you in the face. The problem, of course, is getting to that high-level understanding.

Kids. I get an inordinate amount of eleven to thirteen year-olds who solve the puzzle. They're always eager to let me know how trivial it was, and they always end their responses with “P.S. I'm only thirteen years old.” So for all you youngsters out there who find my challenge so passé, I have another challenge. Learn Python. You obviously have both the brains and the spare time, so if you start now you will be a hacker among hackers when you're twenty-five. [bracing self for flood of emails from nine-year-olds who already know Python]

Reverse Puzzling. If you think you have a website with “hidden” source code, send me the link and I'll defeat it, provided it fits within these parameters:

Hidden Source Hall of Fame. Starting 11/20/2002 and ending 3/14/2003, I posted a hall of fame list of the keen-minded folks who managed to crack the code. That is over and I'm going to take a break from these updates for a while. Thanks to all of you who wrote in with your responses. I'm not going to add to the hall of fame list anymore, but feel free to let me know what you think.
