Encrypt it !!

A program to manage complete sites, and compress html pages, encrypt html pages or fully password protect html pages - in any combination.

Since a database was needed to keep track of individual file names and the required operations per file, the whole program is written in MS Access. You will need MS Access 2000 or higher (or MS Office 2000 SR 1) in order to work with this program. The program is supplied as a single MDB file.

How does it work?

• Compression works by simply taking out unnecessary white space and comments. This often leads to 25-30% savings in space, so quicker upload, quicker download.
• Encryption-only works by using an XOR algorithm to encrypt the page. The "password" is stored in the page itself. Encryption ensures that the page cannot be read by any robot, nor can the page content be viewed by viewing the html code of the page. The page is decoded and shown as soon as you open it, without user intervention.
• Password protection works just like encryption, except that the password is not stored in the page, but instead must be supplied by the user via a small log-on screen.

Program details
The supplied program has three windows:
 

Web sites. This is where you define the web sites you manage. Sites have a name, a folder where all html files are kept, a backup folder where the program will store copies of all originals it processes, a password html template file, and a password. Options include creating and deleting site definitions, browsing for folders and files. You can define more than one template for a site, for example one with all the normal files, and one with just the protected files.

Web site files. This is where all information on all the files that belong to one web site definition is kept. Each file has a name, and three flags: Password protect, Encrypt, Compress. These specify the operations to be carried out on each file. You can mix and match as you please or leave all options off. Options include browse for files, add and delete files, add all files from the given site folder and replace the current list, or update the current list with new files only. Further options include a full restore of all originals, and of course processing all files (or a selection) as marked.

If you find you need more configurations for a particular site, you can easily make these.

Code blocks window. This window presents a table with code blocks. Code blocks are blocks of html or javascript code, and templates of how the code blocks fit together. By changing the template and/or by adding code blocks, you can alter the resulting html output or even the actual decryption code - for example the action to be taken when the supplied password is incorrect.
 

Quick setup
It only takes a few mouse clicks and you will have created your first site definition and imported all files, with the default option Compress set, and you are one click away from compressing all your files. You can add more features per file later.

Normal operation of the program would be as follows, assuming you have created your site definition:

• Edit your html files prior to uploading them to update your site
• Open Encrypt, click on the Process button to process all files
• Upload the files and/or test them locally
• Go back to Encrypt, click on the Restore button to restore all backups. The processed files are lost.
• Continue editing your original files.

So you see there are two mouse clicks, one before and one after the uploading or testing phase, and that is all.

Purchasing
This program is shareware (try before you buy). The limitation on the shareware version is that after a single operation (process or restore a list of files) you will get a nag screen and the program will close. Also, the VB code is not accessible. To get rid of this limitation, you can purchase the full version.

• Try the results here!
• Download the shareware version here! (145kB)

You can purchase the full version by clicking the Paypal button. It costs USD 15.00. You will get the program sent to you by email. You will need MS Access 2000 or higher (or MS Office 2000 SR 1) in order to work with this program. The program is supplied as a single zip file with the MDB file and a sample in it.

Below, you will find further technical and detailed information and documentation. Just in case you are interested!

How does it really work?

• Password protection works with a cookie. Once the password is entered, all pages on the same site (which all use the same password) will be decoded automatically, because the cookie remembers the password for you. The cookie in this case is a session cookie, which is a temporary piece of browser memory (i.e. not on disk!) that is lost when you close the browser. You can only use one password per site - unless you start coding of course. If you do use different passwords, the user will have to re-enter the password if another password was used in between.
• The password protected page consists of two layers. Both are invisible. If a correct password is found, the source is decoded and written to layer 1, and made visible. If no password is found, layer 2 is made visible so the user can enter a password.
• The use of layers was chosen so the actual page is not reloaded or completely rewritten, which leads to an extra entry in the browser's history, effectively disabling the back button. However if no destination layer is given in your template, the decoded page will be written to the document itself without problems.
• Layer positions are relative to the parent object. So any layers inside the encoded page will be offset to the destination layer of the decoded page, and in this way they will keep their exact position on screen once decoded.
• The complete code, with decoding javascript, layers and so on will add about 3kB to your page. With most pages, this is easily recovered by using the Compress option. For a normal home page the net gain is about 10% reduction in size overall.
• Password protection and encryption stay with the file, even when the file is downloaded and viewed offline! There is no point passing on a password protected html file to someone else, without the required password.
• XOR encryption is not superstrong - a dedicated hacker would be able to crack it. But then a dedicated hacker would also realise that this type of protection will not lead to very interesting data like credit card numbers ... Anyway, don't use it to store your credit card information! However for the purpose of preventing access by unauthorised normal users who have no skills in writing decryption algorithms in javascript, this is more than sufficient, and it will certainly prevent your page from access via search engines like Google, or web robots that search for email addresses.
• The decryption does take time. This time is offset against the compression that was used to create a smaller file and faster download, so effectively the time is negligeable. However for large pages or complicated forms with large scripts, you may want to consider alternative schemes that allow you to leave the page un-encrypted, such as protecting complete folders on your server using cgi scripts. Alternatively, use the password protection to only protect the access-page to other pages.
• Full source code is included! That means that you can alter anything you like, from the actual encryption algorithm to the output html and javascript code, the password logon screen, the program itself, and so on. For some of the advanced work you need a good knowledge of Visual Basic for Applications under MS Access, javascript and html. But if you don't know any of that, it works right out of the box too without any problems.
• The full program was tested (amongst others) with a 40+kB form with dozens of text boxes and extensive javascript processing in IE5.

Documentation on code blocks
If you know hmtl and javascript, you can use the code blocks feature to adjust everything, including default password pages and the javascript decoding block.

When a page is being put together by the program, it will start by loading a Layout block. LayoutNC for eNCrypted, LayoutPW for PassWord. These two options are set for each file, and the names of these blocks may not be altered.

The layout is a small text file with special markers in it:

<html>
<head>
<meta name="robots" content="noindex">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
^^Title^^
^^Meta^^
^^Link^^
<script language="JavaScript"><!--
var h=new Array(^^Encryption^^);
^^DecodeNC^^
// --></script>
</head>
^^TemplateNC^^
</html>

The markers specify either program code to be executed (in the case of reserved words), or other code blocks that should be inserted at this point, possibly with minor processing, or raw text / html to be copied as is. All reserved words are listed below.

• LayoutPW
  Reserved word for the password protected page html layout to create
• LayoutNC
   Reserved word for the password protected page html layout to create
• Title, Meta, Link
  Reserved words. They will copy the corresponding tags from the page to be encoded and insert them at this point in the output html page. If more tags need copying like this, VBA code must be added to the program itself.
• Encryption
  The program will encrypt the supplied html page and insert the encrypted stream here. The variable name "h" is used by the decryption block. The password set in the Web Site screen is used, or "Merlin" if no password is given or encryption only is wanted.
• Decode...
  A direct substition of this variable with the code block of this name. The code block uses the variable name "h" for the encoded page, and contains two functions that are referenced by the template file, so these must match. You can define as many decoding blocks as you like with different names and use them in various layout templates.
• Template...
  Any code block starting with "template" can be defined. These templates are used if no template is given in the Web Site screen, or when the page is only encrypted, not password protected. All template blocks must contain a <body> ... </body> section, which is all that is used from the template. Within this, there must be a call to FL(''), usually in the form of onLoad="FL('');", and a call to FLC(), usually as the result of a button press or a form submit action, so the decoder can start working with a supplied password. The presence of these calls is checked by the program.

What can you change?
Depending on your wishes and levels of skill, here is what the program allows you to do:

• No skills
  If you have no skills, simply use the program as given. It works fine.
• New template
  If you like, you can define a template for a password. This can be done in html, or with a wysiwyg html editor. Copy the TemplatePW code block and use it to start creating a new template. Save the template, and enter the path and file name in the Web Site window, to start using your own template instead of the default.
• Options in the template
  If you don't like the use of layers, you can simply remove the layer LVX in the template. The decoded page will be written to the document instead.
• Javascript decoding output
  If you want the decoded output to be shown somewhere else than in a layer, you can change the template, the default template and the corresponding Decode... block (they must all match together).
• Encryption algorithm
  If you want to change the encryption algorithm itself, you must alter the VBA code that encrypts the pages, as well as the javascript code that decrypts them in the Decode... blocks. If you are at this level, you will be able to pretty much change everything you like in the program.