0

I have a question about file permissions of html - css files served by httpd (on CentOS).

I have a website with several html - php - css files. When a user enters the URL of my website, index.html is displayed as it should. I tried to browse one of my css files (just for fun), and I realized that css source code is displayed in the browser. I do not publish the css files and their exact names of course, but some names (e.g style.css , bootstrap.css etc) are trivial, and one can try and get the styling of my webpage easily.

What is the solution to that? I cannot take off the read permissions of these files, because apache would not style the html files (since it will not be able to read the css).

sestus
  • 1,875
  • 2
  • 16
  • 16
  • You mean you are going to hide your css files name? – HddnTHA Jun 11 '14 at 08:24
  • I want to prevent css source code from being displayed. I want it just to be used from apache to style the html. I could possibly change the .css files to non-predictable names, but I believe that I could just let them as they are, and prevent them from being displayed when someone tries to access them. (e.g via a url like /css/style.css) – sestus Jun 11 '14 at 08:33
  • Why do you want to hide your CSS files from public? Since the browser will have to download it at some point any user will also be able to receive the file. You can use server side technology and place your CSS inline, but that will also not hide the definitions itself and it would be poor practice. You can obscure your css by compressing it, but developer tools will make it readable very neatly anyways. When you don't want it to be downloadable, don't upload it in the first place. – Nico O Jun 11 '14 at 08:46
  • Yes of course css is downloadable and one can view the styling of my html. But this is not the same as viewing the whole .css file. Css files have comments and are well structured (at least my css :) )and one can copy the file as a whole and use the code as it is. And the smae stands for javascript files. – sestus Jun 11 '14 at 08:52
  • 1
    You should not be worried that someone can view the source then. When you don't want your comments to be made public, use a CSS preprocessor like SASS or LESS. You can prevent your comments from beeing used in the resulting .css file. – Nico O Jun 11 '14 at 09:00
  • The solution - don't put the site up on the internet. But seriously, this is akin to "how can I make my images non copyable", you can't, if someone can see it, you can copy it, simple as. – Nick R Jun 11 '14 at 09:02
  • Thank you all guys. I suppose that's the way things work in web development. I just thought that there might be a way that designers could protect their work by hiding it. – sestus Jun 11 '14 at 09:15
  • @sestus what would you know about the web and technology if everybody would try to hide and obscure their work? I sure learned a lot by reverse engineering pages i like. There is nothing secret about CSS, the real time savers are out there for free, grid and other UI frameworks that took a lot of work from various people – Nico O Jun 11 '14 at 09:22
  • @NicoO yes it makes sense. But I thought this was not the case as I saw many CSS templates for sale and i wondered what's the point of selling css files if it's already there, free and downloadable. – sestus Jun 11 '14 at 09:31
  • That's something different then. When you can not enrich your templates with server side features that makes your templates worth buying next to the templates, I'd create a picture gallery of the template and let people view the actual demo only after some kind of registration and approving. – Nico O Jun 11 '14 at 09:39
  • @NicoO I see. Nevermind, understanding and reproducing the captured CSS from a website needs some deep understanding of HTML / CSS so it is not as easy as copying someone else 's work and using it as it is. Getting the idea on how to do several things is definately not a bad practice. Thank you once again for your time and for the conversation! – sestus Jun 11 '14 at 09:57

1 Answers1

0

There's no solution to that, css files must be readable and downloadable. You can minify them if you want them to be less readable (and smaller which is its real use).

Edit: Relevant Answer

Community
  • 1
  • 1
mvillar
  • 472
  • 3
  • 14