encrypting database driven pages

probably like a lot of others, the data in my database-driven site is my most valuable asset. has anyone used any encryption products or other stratetgies to disallow someone from simply copying and pasting the query results to be their own?

thanks,

Mike

Can you be more specific about how someone would simply copy the results from a query? Do people have access to the database directly, or are you worried about them copying the output from the query after you format it for a web page, xml feed, etc.?

Thats a tough situation. If you encrypt the output, the user wont be able to read it. If they can read it, they can copy it.

In a situation where there is truly a danger of your data being "farmed", there is no TRUE solution. Some may require a paid membership to do searches, others may limit the number of searches a user or IP address can do in a given time-period.

Alot of what you can do depends on how free you want the information to be available. If you require a free user account, with a valid email address to be registered, it may deter data farmers, but it may also deter real users.

Anyone else have a workable solution?

The first post is vague, so I have to make some assumptions.

First, I'm going to assume that the data you want to protect is the actual content of your web site. Encrypting the content in the database is no good because it has to be decrypted before the user can read it. There are also these Javascript based HTML obfuscators but they're no good, one can make a copy of the original HTML source in less than a minute regardless of those.

As to requiring registration, either free or paid, that won't help too much either. All that is required is one account. Then the user simply makes a copy and redistributes it.

On the other hand, your purpose could be to protect data that is stored in a database but is not publicly visible on a web page. Customers' credit card information in a web shop could be a good example. For encryption to be necessary the data needs to be valuable enough for someone to try to steal it.

If you want more specific answers you really should tell us more about your situation.

If your concern is screen scrapers, there is a technique I have seen used that can at least make it difficult. It does involve javascript which can cause a problem if Javascript is disabled.

The technique involves using Javascript, either through DOM (perhaps even AJAX calls) or through simple document.write statements to write out the content. A server based scraper could not just read the HTML but would have to use complex regular expressions to parse out the data. if you changed the structure of the Javascript in any way, the scraping would fail.

If you look at it from the standpoint of the scraper. How would you do it? CUrl can read the page, but can't execute the Javascript. You can contol Mozilla (and IE on windows with Active X as an alt) through the command line, but even then you have to get the flattened DOM after the Javascipt is done changing it. Firebug will do that, but that isn't remotely controlable with any reasonable effort.

There's no gekko/firefox extension for PHP (I actually wish there was), or any other server side language AFAIK. Provided you don't mind using Javascript for printing the data out, it should work pretty well.