+ 10

Is it possible for someone to hack my website using page source?

when viewing a website in a browser you can view page source i would like to know if that can be a vulnerability.

20th Jan 2017, 6:32 AM
Rashid Mdaki
Rashid Mdaki - avatar
46 odpowiedzi
+ 26
No, but they can copy your design.
20th Jan 2017, 6:33 AM
David Sebastian Keshvi Illiakis
David Sebastian Keshvi Illiakis - avatar
+ 23
To secure a web server, better to get a SSL Certificate. Comodo provides SSL Certificate which is free. Using Reverse Proxy like Tomcat will prevent the hackers from obtaining real IP address of web server. Cloud Flare prevents DOS/DDOS attacks.
21st Jan 2017, 9:19 AM
jjiji
+ 17
They can't hack it from directly viewing page source, but poorly written code or exposing sensitive information is the entry point for hackers. What you see is what you get - source code.
20th Jan 2017, 9:03 AM
Mark Foxx
Mark Foxx - avatar
+ 13
YES, they can, if you use javascript for login authentication instead of php.
20th Jan 2017, 9:08 AM
Uran Kajtazaj
Uran Kajtazaj - avatar
+ 8
A website made of html isn't vulnerable (at least not through the source code) Javascript or sql databanks however are vulnerable as they process user input and reveal information based on it. Edit:typo
20th Jan 2017, 9:09 AM
Karl Ebert
Karl Ebert - avatar
+ 7
Downloading the page source is harmless. Yes they can recreate your site, but they won't have your signature: domain name. In terms of requests, if you expect it and it verifies to your liking permit it, else otherwise.
20th Jan 2017, 10:00 AM
Mark Foxx
Mark Foxx - avatar
+ 6
In the world of Internet nothing is safe because security itself is an incomplete word.
20th Jan 2017, 5:55 PM
Harsh
+ 6
No Need to Worry it is Just Source code not Data...
16th Feb 2017, 7:41 AM
BBBB Ghh GgBB
+ 5
@Michael Murandu - I can't remember specifics, but essentially you can do things to make it harder to see code 1) hopefully you do this anyway, but use a mixture of server side and client side code so that you only send code that you have to- server side code is code that runs on your own (or your hosting companies) servers and is not part of the page source that is sent to a visitor, client side is sent to visitors. Have the server do everything that you really do not want other people to be able to see (such as talking to databases, checking login information, processing bank info, deciding on what the user can see) 2) use Ajax or some other similar tech to only send the html the user needs at the time (so don't use client side code to hide stuff) 3) you can override what happens when a visitor right clicks on your page for at least some browsers (I can't remember how) so at least in some browsers it's less easy to see the source code 4) code obfuscation - basically this is making your live/publicly viewable code as awkward as possible to read and understand (so once you've finished the design and are ready to go live, save another copy of your code, and in the new copy change variable names to awkward meaningless names, remove all your lovely neat indentation and line breaks etc - put the awkward code on the live server, and keep your neat code saved somewhere private)
20th Jan 2017, 5:49 PM
Phil
Phil - avatar
+ 5
Nope bro! But they can copy your web desgine!
21st Jan 2017, 6:32 AM
Aakash Basnet
Aakash Basnet - avatar
+ 5
As long as you NEVER use front-end user authentication, and sanitize user inputs into any database and treat all user data as malicious, you site will be fine :-)
21st Jan 2017, 1:31 PM
Alex Winder
Alex Winder - avatar
+ 4
there is means ...I m not telling u 😉
20th Jan 2017, 6:36 AM
Sun
Sun - avatar
+ 4
The page source can give you a good insight on how things are happening in your website, like how the forms are handled, if you are using some framework or not, what scripts do you use and even the directory hierarchy. These things alone do not really represent any danger, but gives you hints on where and what to look for as you can search for vulnerabilities on the framework X on version V.V
20th Jan 2017, 9:48 AM
heinriques
heinriques - avatar
+ 4
using HTTRACK we can download entire websites html content but it we cant hack it
20th Jan 2017, 9:50 AM
DARSHAN KINI
DARSHAN KINI - avatar
+ 4
From just html no
20th Jan 2017, 11:43 PM
Felix Knost
Felix Knost - avatar
+ 4
The answer is not completely no. Threy can check form actions from your source code and try to attack your database. There are a lot of examples of this in the real world. So, never be sure for 100 percent when it comes to website security.
21st Jan 2017, 6:05 AM
Ali Mamedov
Ali Mamedov - avatar
+ 4
Yes they can if you've not secured the site...
22nd Jan 2017, 7:56 AM
Joshua okoro
Joshua okoro - avatar
+ 3
yes they can
21st Jan 2017, 9:48 PM
Sergej
+ 2
they can copy your website and make it to his...Then...that person can make like a fake website of yours and Send it to other people
20th Jan 2017, 7:47 AM
Blugon
Blugon - avatar
+ 2
Nope, but you can make a copy of the website
20th Jan 2017, 2:00 PM
gdjogn4s
gdjogn4s - avatar