Jump to content


Photo

Hiding your JS Code


  • Please log in to reply
5 replies to this topic

#1 radalin

radalin
  • Members
  • PipPipPip
  • Advanced Member
  • 179 posts

Posted 09 August 2006 - 08:54 AM

Hi,

As the subject says, I do not want to show my .js files to anyone. I put them in different files and I think I should encode them. I found some encoders which I will give a try to them and it seems the most powerful way is to encode with more then one encoders. But even this is not enough as all the encoded codes can be cracked with enough time and dedication!

So what do you do to protect your js codes (or your intellectual property should I say)? What encoders do you use? Or what kind of things you do or you just give up, and put them as they are?
Roy Simkes
Yet Another Parkyeri Developer

#2 Guest_huey4657_*

Guest_huey4657_*
  • Guests

Posted 09 August 2006 - 09:26 AM

Show me your code and I will tell you ;)

#3 Guest_huey4657_*

Guest_huey4657_*
  • Guests

Posted 09 August 2006 - 10:00 AM

Follow the link - there are some tips in the text that may help.
http://www.webdevelo...6778#post141132

#4 radalin

radalin
  • Members
  • PipPipPip
  • Advanced Member
  • 179 posts

Posted 09 August 2006 - 01:25 PM

That was a great discussion!

I was just curious if someone were able to hide it source code (well javascript codes worth to hide as they are just like php or asp or jsp.) Most of the discussion was about right click disabling "newbies" I was intrested If I yould be able to hide my ajax codes. I was looking forward to hide which ul I'm calling for ajax (for security purposes) but seems that even if it's possible, someone dedicated enough can track it via proxies or other ways (packet sniffing was it?)

Bah I think I give up too easy and too fast. Anyway thanks for the link.
Roy Simkes
Yet Another Parkyeri Developer

#5 PotatoBob

PotatoBob
  • Members
  • Pip
  • Newbie
  • 6 posts

Posted 09 August 2006 - 09:59 PM

I wouldnt even try to hide js code using ajax since any smart person would have firebug installed as an extension in firefox and see everything that goes on in the browser :P

as for right click blocking, ... view->page source or file->save as

I mean how important exactly is your javascript? ::)

your best bet is just going with obfuscation because your script probably wouldnt be worth the time to decrypt it. :)

#6 radalin

radalin
  • Members
  • PipPipPip
  • Advanced Member
  • 179 posts

Posted 10 August 2006 - 09:28 AM

Well I'm thinking a little about encrypting my data and send by that way with ajax. The problem is with javascript as the source code can be easily seen there is no need to encrypt it with a way. As a malicious person can fin my encryption alogrithm easily. But If would be able to hide it. Than It wpuld be ok.

I know there are lots of ways to coping anything that is posted on the web. And thats why you put them to the internet, to publish them! But no one can see my php code nor jsp neither asp codes. As they are parsed or compiled on the server side, it's hidden to me whatever I do. So I can use my encryption algortihm there and then everything would fine.

I have read lots of articles telling hat ajax in insecure. As it's mostly a client-side scripting and every client can be tricked easily. Even though I have no intension using ajax while entererin or updateing something to db just select commands, I also want to secure them too. Why should I let someone to see any info from my database? I have also looked what was saja doing for security but they just meant, we are trying to prevent functions being called by unauthorized people but we are not protecting your data! It was mostly doing them via session management. Anyone who can trick the sessions is able to trick saja too then.

My intension was to send data and also a little serial number created via data. If serial is ok after I manipulate the data, then the ajax request is ok! But as I can only create the serial via javascript it's completly a waste of time.

As I read more and more I see that js can only be obfuscated, which can be decoded with enough dedication. And I will change my data encryption idea to something else and will use something with session managements and other things I think.
Roy Simkes
Yet Another Parkyeri Developer




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users