My customer does not want the data of his employees in the employee list on his website as plain text on the website. He therefore wants data such as names or telephone numbers to be displayed only in encrypted form in the source code. Does anybody have an idea how this could be accomplished?
You can use JavaScript-based obfuscation or encryption to prevent plain text employee data from appearing in the source code, but no client-side solution is completely secure. For sensitive employee information, consider whether it should be public at all. You do not have control over the server side rendering so that is not an option.
1 Like
I second Jeff’s counsel on this, if you don’t want it to be scraped and raided by spambots or bad actors you’re much better off utilizing a form contact mechanism for emails, and techniques like 2-party connect (2pc) for phone calls to fully hide emails and phones.
The general rule is if it’s visible to humans, it’s visible to bots… so e.g. employee names are another matter to consider
1 Like
Thank you very much for this answer. I was heading in the same direction. What I can’t get my head around is how to read the data held in the CMS without having it in plain text in the DOM before encoding it with JS.
Thanks for that. I guess, they want it make as hard as possible for bots but still be able to introduce their team on the website.
In theory you could store the encrypted text in the CMS, and then have JS decrypt it with the crypto lib and a cipher. But many bots can run JS as well, so that achieves nothing.
You could put information like the user’s name into an image, but that can likewise be read by bots, and it would break screen reader a11y for vision-impaired users.
You could make that content server-side and deliver it only to users who pass bot tests, or who log in to an account.
For content that is generally-public though, these are a waste of money and time, and won’t achieve much. You’re better off just being careful about what content you share, and assuming it will all get scraped. Name and photo is probably OK. Then you could link to LinkedIn to make all other contact forms “protected” if you want by a platform that is specifically designed with anti-scraping measures.
1 Like
I really appreciate your answer. Thank you for it. We will have to reconsider the staff list.