--- title: Secure Balance Academy Viewer emoji: 🔒 colorFrom: blue colorTo: purple sdk: docker app_port: 7860 pinned: false --- # Secure Balance Academy Viewer This is a secure implementation of the Balance Academy web application that prevents users from downloading, copying, or inspecting the HTML content. ## Features - Authentication system with token-based access - Prevention of right-click context menu - Detection and prevention of developer tools - Content made uncopyable - Dynamic watermarking with timestamp - Security headers for additional protection ## Usage Simply click the "Access Secure Content" button to view the protected content. Your session will automatically expire after 1 hour. ## Security Notice The protections implemented in this application are designed to discourage casual copying and downloading but cannot prevent determined technical users from accessing the content. For the most sensitive content, consider additional server-side protection measures ## Setup Instructions ### Local Development 1. Install the required dependencies: ``` pip install -r requirements.txt ``` 2. Run the Flask application: ``` python app.py ``` 3. Open your browser and navigate to `http://localhost:7860` ### Deployment on Hugging Face Spaces 1. Create a new Space on Hugging Face with the "Gradio" template 2. Upload all the files in this directory to your Space 3. Add the following to your `requirements.txt`: ``` flask==2.3.3 Werkzeug==2.3.7 gunicorn==21.2.0 Flask-Session==0.5.0 ``` 4. Add the following to your `app.py` at the top: ```python # This file will be used by Hugging Face Spaces ``` 5. Commit and push your changes ## How It Works The application serves the HTML content with added JavaScript protections that: 1. Disable right-clicking to prevent context menu access 2. Intercept keyboard shortcuts that could be used to save or inspect the page 3. Detect when developer tools are opened and replace page content with a warning 4. Make text selection and copying difficult 5. Add a dynamic watermark that updates with the current time Additionally, the server adds security headers to every response to prevent certain attacks and restricts how the content can be loaded or framed. ## Limitations While these protections make it more difficult for casual users to copy or download the content, they are not foolproof against determined technical users. No client-side protection can be 100% effective against someone with technical knowledge, as the browser must ultimately receive and render the content. For the most sensitive content, consider server-side rendering of partial content or delivering content as images rather than HTML. ## License This project is licensed under the terms of the LICENSE file included in the repository.