Applies to Self-Extracting, HTML Viewer, IE Browser publications.
One of the main reasons to compile your websites is to protect your HTML pages from being copied, stolen or even just accessed without your authorization. To view your compiled website, end users have to launch the compiled website .exe file. It is also not possible to unpack a compiled publication using a file archiver (like Zip/Unzip tools) without running it. Finally, for non Self-Extracting publications, they cannot be decompiled. In other words, please make a backup of your source files because once a publication is compiled, you cannot extract source files from it anymore.
Publications built with HTML Executable feature several security options that you can configure using this tab.
Global Password
If you wish to restrict the access to your publication, you can password protect it: end users will be prompted for the password before the publication starts. If the password entered is incorrect, then an error message is displayed (given by SInvalidPassword resource string) and the publication closes immediately.
You can also customize the behavior of the publication when the password is incorrect thanks to the HEScript UserMain.OnInvalidPasswordAtStartup Boolean event. The runtime module invokes this event if the password provided by the user is incorrect. If you set the result of this event to True, the publication does not exit.
function OnInvalidPasswordAtStartup: Boolean;
begin
Result := True;
end;
In order to create a set of acceptable passwords that can be unique, when distributing to a set of customers, wild card characters are accepted. Thus, you can set up the following global password: 123-4**-A** (and so any character can be input for the wildcard place holder).
Allowed wild card characters:
- # digit (0..9)
- _ single character (a..z) and (A..Z)
- * any character.
HTML Executable comes with a password generator that lets you create lists of random passwords based on the provided mask.
Choose the number of passwords to create and click Generate.
Set a global expiration date
If you would like your publication to expire after a specific date (it does not run anymore), then just select the expiration date you want. After that date, publications will display an error message is displayed (given by SPublicationExpired resource string) and the publication closes immediately. Changing the system clock will not modify the expiration state.
This option, however, is not very safe: if you want to create Trial publications that can really expire "forever", then make a restricted publication.
When testing your publication on your own computer, you can remove the expiration state by clicking "Clear expiration info". This function will only work if the publication expired.
Finally , you can also customize the behavior of the publication when the expiration date is reached thanks to the HEScript UserMain.OnExpiredPublication Boolean event. The runtime module invokes this event and if you set its result to True, the publication does not exit.
function OnExpiredPublication: Boolean;
begin
Result := True;
end;
Check publication size at startup
When a publication is downloaded from the Internet, if the download was not successful, this may result in a truncated file. In this case, running non-complete publications may not be safe. To prevent truncated downloads or size-modified publication files, you may enable this option. When turned on, it forces the publication to check its size. If the size is not the same as it was when the publication was built, an error message is displayed.
Note that this option is superseded by digital signatures. If you have the necessary Authenticode files (a code signing certificate), then it is even better to sign your publication.
Disable PRINT SCREEN
The PRINT SCREEN key allows Windows users to capture the whole screen to a bitmap, called a screenshot. This screenshot is then saved to the Clipboard and users can paste the result in any word processing tool or image editor. If you would like to disable this function, just turn on "Disable Print Screen": pressing the key won't take screenshots anymore when the publication is running.
Notes:
This function, however, does NOT stop screen capture tools.
Some programs (such as these capture tools) may also try to override the Print Screen hotkey. In this case, there may be conflicts.
Self-Extracting publications are not able to disable all Print Screen keystroke combinations contrary to other publication types.
Only one instance of the publication can be run at a time
Enable this option to make sure that only one instance of your publication executes. If the user tries to run a second instance, it immediately exits and the previous instance gets enabled and visible.
Moreover, command-line arguments are directly passed to the running instance: this feature is useful for help files as it lets you change the current topic for instance without having to close and start another instance of the publication.
Do not run if a debugger is detected
This option checks for known debuggers and file/registry monitoring software programs (such as OllyDbg, SoftIce, WinDBG, RegMon, FileMon...) and will refuse to run the publication if one is running. An error message is displayed, or advanced user may also customize the behavior of the publication thanks to the HEScript UserMain.OnDebuggerDetected Boolean event. The runtime module invokes this event and if you set its result to True, the publication does not exit.
function OnDebuggerDetected: Boolean;
begin
Result := True;
end;
File Protection: Enable Virtualization for Plug-In Files and Dependencies
HTML Executable offers a virtualization feature for files and dependencies that require to be unpacked to the hard disk in order to be read by plug-ins. When virtualization is turned on, your publication creates virtual files: these files are actually written in memory, and not on the hard disk.
Consequently, no content is written to the hard disk and thus it is harder to copy virtual files.
Learn more about content protection with plug-ins
You can define the maximum size for a virtual file (if the size of a file exceeds this limit, it will be unpacked to the hard disk) and the capacity of the virtual memory storage created by the publication. Both limits are in Megabytes.
If the storage exceeds its capacity, it is completely emptied. You can also programmatically clear the virtual storage using the HEScript function called ClearVirtualCache.
For advanced users, it is possible to unpack files to the virtual memory thanks to HEScript functions: UnpackVirtualResource and RemoveVirtualResource.
Not available in Self-Extracting publications.
Security profiles are a high-level security feature of HTML Executable. They allow you to control the user access to HTML pages and actions that the latter can do when viewing these pages.
They are managed on this tab. Please see the following topic for further information:
