This question already has answers here:
How can I hide or encrypt JavaScript code? [duplicate]
(7 answers)
Closed 7 years ago.
How to secure or hide javascript code on client side. Is there any way to doing so.
Thank You
Short answer: You can't/don't.
Longer answer: You cannot hide it at all. It runs on the client and it cannot be compiled to machine code.
However, you could minify it - that's basically obfuscating it by shortening variable names, removing whitespace, etc. While it's usually used to save bandwidth it also makes the code less readable.
Note that all but the changed variable names and removed comments can be easily undone by something like jsbeautufier.. but for a large application it's very hard to understand the code without any meaningful variable/function names or comments.
There is no such thing as 100% secure javascript code. This is because any code executed on the client's machine cannot be fully secure. Your best bet is to obfuscate your javascript and make it hard to read.
Your best bet is to ensure all vital secure code runs on the server, and allow javascript to do only simple, UI enhancing tasks on the client side.
As i know it is not possible. Only thing you can do it making the code very badly organized. Which will take longer time to find out actually what you are doing.
If you are searching this because of security reasons, you have to remember the only thing matters in security is the password-which is not put in the code. So find a nice way to encrypt you stuff. You can find many good ways on web.
Related
This question already has answers here:
How can I prevent javascript code theft?
(7 answers)
Closed 6 years ago.
I made many javascripts for my blogger after hard work. So, I don't want anyone steal my codes, can I do that?
I tried obfuscate and encode from many websites, but anyone can easily steal it after that, So it just slow my website.
I need really solution : )
You can't. The only thing you can do is make your code harder to read by minimizing it, and otherwise obfuscating it. The code is sent to the client; you must assume they'll try to read it.
If you visit a website and the page is already "constructed", it means they used a server side language/framework to create the page before it was sent.
Javascript files are shown publicly, and sent directly to the client, so there's no way you can prevent them from being viewed. You had the right idea trying to obfuscate it, as that's the only solution, you just need to find the right obfuscater. In my opinion, you shouldn't even obfuscate them, as most scripts are written in a matter of minutes, it wouldn't make much sense for somebody to steal yours. If you really need to do so, then a quick google search returns this.
No, you can't. At the end of the day, the user can look at any javascript that is being run on the client. If you're doing anything that is business sensitive (such as connecting to databases, etc), that should take place on the server, so that users can't see it. Client-side JavaScript is intended to work with data that the user can see anyway, so it's not important for it to be obfuscated.
If you're just jealous that someone is going to to use your code, well.. Tough luck. Though I should say that in all likelihood nobody is interested in stealing your code. If they're going to reuse code, they'll download a plugin - not go through the source of random websites to see if there's anything they could scavenge.
People have mentioned obfuscation, but if that's your goal, you're doing something wrong. You should certainly minify your code - but that's to make it take less space, and thus load faster. Not to obfuscate it.
This question already has answers here:
How do I hide javascript code in a webpage?
(12 answers)
Closed 9 years ago.
I'm quite new to Angular. I've done a lot of things with it. Built an internal website in my organization.
When I inspect regular web pages with chrome dev tools, I generally can't see any important javascript source files. But when I inspect my own angularjs web site, all of my controllers, directives and factories are there, exposed to everyone.
How can I hide them from users? Do I just have to minify them?
Thanks
There is no way you can hide your script from client.
You could obfuscate it a lot, making each function dependant on another, building a massive "web" of functions that all depend on each other, but that would also make the code really REALLY messy for yourself. The best thing you could do is just put a license in your script, using /* */ and that will atleast prevent most buisnesses from stealing the code.
Javascript files are downloaded to the client so there is not much you can do.
You can try to obfuscate javascript but it's mostly a waste of time IMO
There is no way to do this. At best you can compress your JavaScript to make is less readable but at the end of the day if someone want's access to your code they can get it. That said, this is true for most programming language now a days. It's fairly easy to get the code for apps written in Java, C#, VB, and Managed C++.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How can I obfuscate JavaScript?
Is it possible to make some of Javascript private and confidential so that certain things can remain confidential?
If you're asking whether or not you can prevent users from viewing your source, the answer is basically no.
Sometimes you can make it impossible to do right-click / view source, but people could simply use a tool like Firebug.
You can minify your code, but that doesn't hide it. It just makes it harder to comprehend.
I think what you are after is encrypting/obfuscating javascript code; you cant avoid but send your JavaScript code to the client.
The best you can do is obfuscate it, which is essentially making it harder to humanly read it. and here the SO reference if you want to go down that path
How can I obfuscate (protect) JavaScript?
I am not sure why you want to do this, is it to protect some of your own code, if so then its ok, but if you are planning on putting sensitive data such as usernames/passwords embeddeed into your javascript then please don't do so, its ok to go to the server to fetch stuff better being secure :-) happy coding.
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
Protecting client side logic & data
How can I block other from reading my JavaScript through view source?
My thing is, now one can access my JavaScript, because am not sure, but just guess some one from outside using some tool to changing my JavaScript events.
So how to make the authenticated?
You don't control the client, and javascript isn't compiled. Its a losing battle if you want to lock it down completely. The best you can hope for is a good obfuscator/compressor that would make it more difficult to read. You can also do it all in flash or something where you would have a bit more say, but you still don't control the client, and they can still decompile the source.
It's not entirely possible for you to block your JavaScript code from getting into the client side, since this is where they will get executed.
As you mentioned about changing the events, your Application must be developed in a such a way that such changes will not harm the Application at the server end. Of course, that particular user will be able to produce unanticipated output it his end, but these should hardly matter as he will be the sole viewer of those.
One side note though, there is something called code obfuscation, that is making the code deliberately unreadable. Some Web App developers resort to that. You could consider doing that.
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
What are some good ways to prevent people from copying my source code?
I am looking into ways to 'encrypt' my HTML and CSS code so that a visitor cannot simply 'View Source' and copy it.
That's not possible; you should copyright your code instead if you are worried.
Or you may want to have a look at:
Obfuscated Code
There aren't any. The best you could do is some tool that will minify or obfuscate your javascript code. However, there's no way to make it truly secure. Encryption implies decryption on the client side, which exposes everything to the user.
So why is this not possible? HTML, CSS, and Javascript are all client-based. Meaning that you have to give the user your code, and it is processed on his machine. You can't simultaneously show someone the code and prevent him from seeing it.
Depending on exactly what it is you want to protect, you may want to look into server-based technologies like PHP or ASP.
You also of course have the option of just doing a really good job to build the reputation of you/your company. After all, imitation is the sincerest form of flattery. Or doing a really crappy job so that nobody wants to copy you.