+ 10
Is it possible for someone to hack my website using page source?
when viewing a website in a browser you can view page source i would like to know if that can be a vulnerability.
46 Respostas
+ 26
No, but they can copy your design.
+ 23
To secure a web server, better to get a SSL Certificate. Comodo provides SSL Certificate which is free. Using Reverse Proxy like Tomcat will prevent the hackers from obtaining real IP address of web server. Cloud Flare prevents DOS/DDOS attacks.
+ 17
They can't hack it from directly viewing page source, but poorly written code or exposing sensitive information is the entry point for hackers. What you see is what you get - source code.
+ 13
YES, they can, if you use javascript for login authentication instead of php.
+ 8
A website made of html isn't vulnerable (at least not through the source code) Javascript or sql databanks however are vulnerable as they process user input and reveal information based on it. Edit:typo
+ 7
Downloading the page source is harmless. Yes they can recreate your site, but they won't have your signature: domain name. In terms of requests, if you expect it and it verifies to your liking permit it, else otherwise.
+ 6
In the world of Internet nothing is safe because security itself is an incomplete word.
+ 6
No Need to Worry it is Just Source code not Data...
+ 5
@Michael Murandu - I can't remember specifics, but essentially you can do things to make it harder to see code 1) hopefully you do this anyway, but use a mixture of server side and client side code so that you only send code that you have to- server side code is code that runs on your own (or your hosting companies) servers and is not part of the page source that is sent to a visitor, client side is sent to visitors. Have the server do everything that you really do not want other people to be able to see (such as talking to databases, checking login information, processing bank info, deciding on what the user can see)
2) use Ajax or some other similar tech to only send the html the user needs at the time (so don't use client side code to hide stuff)
3) you can override what happens when a visitor right clicks on your page for at least some browsers (I can't remember how) so at least in some browsers it's less easy to see the source code
4) code obfuscation - basically this is making your live/publicly viewable code as awkward as possible to read and understand (so once you've finished the design and are ready to go live, save another copy of your code, and in the new copy change variable names to awkward meaningless names, remove all your lovely neat indentation and line breaks etc - put the awkward code on the live server, and keep your neat code saved somewhere private)
+ 5
Nope bro! But they can copy your web desgine!
+ 5
As long as you NEVER use front-end user authentication, and sanitize user inputs into any database and treat all user data as malicious, you site will be fine :-)
+ 4
there is means ...I m not telling u š
+ 4
The page source can give you a good insight on how things are happening in your website, like how the forms are handled, if you are using some framework or not, what scripts do you use and even the directory hierarchy. These things alone do not really represent any danger, but gives you hints on where and what to look for as you can search for vulnerabilities on the framework X on version V.V
+ 4
using HTTRACK we can download entire websites html content but it we cant hack it
+ 4
From just html no
+ 4
The answer is not completely no. Threy can check form actions from your source code and try to attack your database. There are a lot of examples of this in the real world. So, never be sure for 100 percent when it comes to website security.
+ 4
Yes they can if you've not secured the site...
+ 3
yes they can
+ 2
they can copy your website and make it to his...Then...that person can make like a fake website of yours and Send it to other people
+ 2
Nope, but you can make a copy of the website