If "encrypt page" is checked of, encrypt the code client side symmetrically using salt+password. Also store a hash of salt+password and the salt itself.
If someone navigates to the code the server will send the salt and request authentication. If the client returns hashed salt+password (as stored on server), server sends encrypted code, which is decrypted client side using the user's entered password. If the hash is incorrect have the server wait 5 seconds before replying. After several failed attempts IP blocking may be necessary.
Comments should also be encrypted and decrypted in the same way as code (though if you can request/submit comments you've already been authenticated).
For hashing I recommend BCrypt. For encryption AES should be sufficient. BCrypt should also be able to handle salt generation.
Implement page encryption using new form fields.
If "encrypt page" is checked of, encrypt the code client side symmetrically using salt+password. Also store a hash of salt+password and the salt itself.
If someone navigates to the code the server will send the salt and request authentication. If the client returns hashed salt+password (as stored on server), server sends encrypted code, which is decrypted client side using the user's entered password. If the hash is incorrect have the server wait 5 seconds before replying. After several failed attempts IP blocking may be necessary.
Comments should also be encrypted and decrypted in the same way as code (though if you can request/submit comments you've already been authenticated).
For hashing I recommend BCrypt. For encryption AES should be sufficient. BCrypt should also be able to handle salt generation.