This question already has answers here:
Closed 11 years ago.
Possible Duplicate:
Javascript library: to obfuscate or not to obfuscate - that is the question
Hi, I'm creating a very simple footer zone with a jquery animated drawer and a simple carouseel with a modal to show some products of my store.
Any decent jquery programmer will easily top this, i'm a noob, the problem is that I know my competition very well, the moment they lay eyes on this they will implement the same, I just don't want them to outragely rip off my hard earned code.
I found this javascript obfuscator online:http://www.javascriptobfuscator.com/default.aspx
is it any good?
My question is, although it "obfuscates" the code, its still pretty easy to just donwload the .js file with my code and implement it. Is there a way to make the javascript file not load/work if its not in my domain?
This + the code obfuscation would work really well don't you think? Can you point me out something like this or a simple alternative?
Thanks
Best Regards
Joricam
One thing to think about. I can simply take your obfuscated/hard to read code and plop it right on my site and boom, it works. This is not like obfuscating PHP code where it requires a tool to decode it, and run. I can take your code as is, and it works fine.
However, if you insist:
I would just use any decent javascript minimizer to make your code harder to read. Not only will this improve the load time of the script, but also make your code harder to read.
I highly suggest something like YUI compressor or Google Closure
Note that I am stating, make it harder to read. Don't bank on this obfuscation idea, as you will not find any good solutions. It is not worth your time.
My question is, although it "obfuscates" the code, its still pretty easy to just donwload the .js file with my code and implement it. Is there a way to make the javascript file not load/work if its not in my domain?
No. There is no technique that is going to prevent a determined competitor from reverse engineering your JavaScript code.
For what you're describing - a drawer and carousel - they likely wouldn't even bother. Plenty of free, open source jQuery plugins that do that are out there. If anything, you're probably reinventing the wheel anyways.
If you don't want your code to be seen, I suggest placing it all on the server. JavaScript, by design is meant to be client-side, so regardless of what you do, people will still be able to utilize the code one way or another. If you still want to hide the code as best you can, try using Google Closure Compiler.
I'm on board with the sentiment expressed by others on this thread: You're wasting your time; what you're trying to protect has very little value and is hard to protect.
To answer your question, however:
Use flash or silverlight or some other such technology and put all of your code server side.
Related
This question already has answers here:
How can I prevent javascript code theft?
(7 answers)
Closed 6 years ago.
I made many javascripts for my blogger after hard work. So, I don't want anyone steal my codes, can I do that?
I tried obfuscate and encode from many websites, but anyone can easily steal it after that, So it just slow my website.
I need really solution : )
You can't. The only thing you can do is make your code harder to read by minimizing it, and otherwise obfuscating it. The code is sent to the client; you must assume they'll try to read it.
If you visit a website and the page is already "constructed", it means they used a server side language/framework to create the page before it was sent.
Javascript files are shown publicly, and sent directly to the client, so there's no way you can prevent them from being viewed. You had the right idea trying to obfuscate it, as that's the only solution, you just need to find the right obfuscater. In my opinion, you shouldn't even obfuscate them, as most scripts are written in a matter of minutes, it wouldn't make much sense for somebody to steal yours. If you really need to do so, then a quick google search returns this.
No, you can't. At the end of the day, the user can look at any javascript that is being run on the client. If you're doing anything that is business sensitive (such as connecting to databases, etc), that should take place on the server, so that users can't see it. Client-side JavaScript is intended to work with data that the user can see anyway, so it's not important for it to be obfuscated.
If you're just jealous that someone is going to to use your code, well.. Tough luck. Though I should say that in all likelihood nobody is interested in stealing your code. If they're going to reuse code, they'll download a plugin - not go through the source of random websites to see if there's anything they could scavenge.
People have mentioned obfuscation, but if that's your goal, you're doing something wrong. You should certainly minify your code - but that's to make it take less space, and thus load faster. Not to obfuscate it.
I know that anything that is downloaded and is in the user's possession is going to be pretty hard to protect, but I'm just wanting to hear opinions. I'm thinking of selling a script (made with Greasemonkey...), and I want to be able to prevent the user from easily viewing the source code, or sending it to others. Thanks in advance.
As with any javascript, complete protection is impossible due to the nature of the language, see:
Javascript library: to obfuscate or not to obfuscate - that is the question
and
How can I obfuscate (protect) JavaScript?
However, you can obfuscate your javascript code or minify it, neither of which will completely protect it, but they will make it less human-readable.
Really the only thing you could try would be obfuscation but that is no guaranty that nobody will be able to read your code.
Try - http://www.javascriptobfuscator.com/
With Greasemonkey, there is another option beyond JavaScript obfuscation.
You can compile your GM script into a Firefox extension instead.
Greasemonkey install makes it easy to see/get a GM's script code. But almost no civilians even know where to look for extension source files.
(Of course, nothing will stop a determined programmer from getting and analyzing your code.)
One such compiler is at: http://arantius.com/misc/greasemonkey/script-compiler .
Hopefully somebody can point me to something that could help. What I'm doing is designing a few things in a HTML document, but I'd really like to be able to have blocks of C/C++ (not too worried, although I imagine C would be easier) code in the design document. The problem I have is formatting the code - as I'd ideally like syntax highlighting.
I know the above is very possible - many sites that allow code to be entered do this, but what I'm wanting is for this to be possibly done in javascript so that everything can be contained nicely in a html file that can just be browsed and edited locally with no hassle for running an (albeit probably a simple) web server. I don't suppose anybody knows of such a javascript tool that can do this?
Thanks very much. :)
Edit: Remarkable - I've spent the past 1 1/2 hours looking for something like this and the next search I make after writing this question gets me this! I shall leave this question open a little to give others a chance to post so that if the above doesn't suit somebody, then perhaps another solution will.
Time to close. Here's a few javascript syntax highlighters:
SyntaxHighlighter
A collection of 9 scripts
Can I hide my javascript code on the client side???
Or some way make it non-readable not by users but by hackers as well??
Well it's not a complete solution, but you could minify your javascript to make it less human readable.
Wikipedia article on minification: http://en.wikipedia.org/wiki/Minification_(programming)
Online tool to minify javascript: http://www.refresh-sf.com/yui/
There is no way. It can't be encrypted because the browser has to execute it and he doesn't know how to decrypt.
Best is to minify/obfuscate (see anax) in order to let users don't bother trying to read the code. If someone wants it badly, he eventually get it. The time to do so is high, and hopefully this will dis-encourage users.
You can go from really cheap (adding lots of CR into the start of the HTML document) to not-so-cheap tricks (Javascript minify / obfuscate), but in reality nothing will prevent a half-descent user to read your code.
Have a look at this SO question for possible ways to obfuscate your script:
How can I obfuscate (protect) JavaScript?
I understand that client side code must be readable from the browser but I wonder (since there are too many things that I ignore) if there are ways to obfuscate to code to the end user and, if not what is the best practice to "pack" the javascript code.
It is good practice to minify your JS with a tool such as YUI Compressor. I would not obfuscate it unless you have a specific need to do this. There are plenty of online obfuscators such as this one
See this article: http://developer.yahoo.net/blog/archives/2007/07/high_performanc_8.html
Check this out.
Other than min'ing it, I don't think you can really hide js. It all goes the user's browser and there are plenty of ways of seeing it once its there.
See here for a Free Javascript Obfuscator.
Given that it is in fact possible, if the reason you intend to obfuscate is to protect intellectual property, you are probably trying to derive value from your work the wrong way. It's fairly easy to reverse the obfuscation, and you would probably be wasting time maintaining your code.
Focus more on what services you intend to provide to those who visit your site as a means to differentiate your site from competitors
There are tools that could be used to compress javascript code and render it difficult for the end user to understand.
Is there a reason why this won't do the trick for you?
http://www.javascriptobfuscator.com/
Do not put any sensitive or personal information in javascript.
Spend your time on keeping your data on the server secure.
Step 1: Don't.
You would have to do a lot to achieve any meaningful level of obfuscation. Obfuscating the names alone is not enough, since all of the standard functions will still be there (although they may be buried in a layer of shorter/obfuscated aliases), and deriving the purpose of a particular function is easy once the code is formatted nicely again. Anybody who really wants to know what your JS code does can, and will, no matter what you do to it before their browser gets a copy of it.
If you truly have valuable business processes in your JavaScript, then you're Doing It Wrong(tm).
No obfuscation is going to keep your code truly secure and it might just give you the false illusion of security (cf. security by obscurity).
If you do need to keep some portion of your code secret, consider pulling the sensitive portions into a server side script and making (say) AJAX calls to the script. Especially with the advent of JSON, communicating with server-side scripts has never been easier.
It is possible to use following tools:
YUI Compressor - requires Java - very good compressor
Packer - creates the most confusing, and smallest code, but scripts don't run as fast as YUI - this can be used online though. Select 'Base62 encode' for maximum effect.
The Dojo Compressor I've never used this one, but it's on the top-list. It also requires Java.
JSMIN By Douglas Crockford, this one has a very simple algorythm, but it is still good. Meant to be used in combination with JSLint.