Hello to everyone,
In my project, I need to obfuscate my scripts. While I was searching I found some useful tools except YUI Compressor that does this but I just want to learn how can I also hide my script code from Firebug? Are there anyone who knows a way to do this?
It can't be done, and anyone claiming they can is selling you snake oil.
Also, it doesn't need to be done. Obfuscation is usually needed for two reasons: (1) security, and (2) management fear of stolen code.
- Security is a bad reason because this points to mistakes made in the security architecture of the application, so the developer is at fault for thinking they need the obfuscator in the first place.
I need this in order to prevent code stealing. As I know 'minify' just compresses the code; but it is still readable without using anything. I need to 'pack'(compress + obfuscate) my scripts. I do all security stuff at server-side..
If you don't want your code to be stolen, don't send it to the user's browser. Period. Obfuscating tools might make it more difficult for someone to figure out/steal your code, but that will only slow down a determined attacker - not stop them.
Preventing people from stealing your JS code by obfuscating it, is simply not possible. The obfuscation apps out there will only make the code temporarily unreadable and somewhat difficult to disassemble, nothing more.
If your app is going to be on the net for everyone, I would suggest to think about the data that your app is exposing on the browser and minimize the amount of unnecessary data if possible. This is one of the reasons why "select * from table"->json->Ext.data.Store is a bad idea
On top of that, I would do the data validation on the server as much as possible. This way you can minimize the risk of executing "disabled" functionality from the firebug console.
But usually the problem is not the code or how much of the code is exposed in the browser, the real question is whether you can trust the users of your application. To my experience solving this kind of problems starts at much higher level in the organization than at the very end at the code level.
Ha ha. This is exactly what joeri called "snake oil". From the web page you can read that the obfuscator allows you to do three things:
* Remove comments and whitespace
* Obfuscate names.
And for the last option it says: Warning! Use this option with caution. For example, automatic renaming of global or interface variables may cause a script malfunction, so in most cases it requires manual renaming.
Which really means: it doesn't work.
As has been said before, the odds of anyone "stealing" your code and actually making use of it are pretty much nil.
Think of it this way... even IF someone goes to the trouble of copy/pasting your code (whether it's minified, obfuscated, or neither), the only thing they've done is copy your client-side logic.
In 99% of cases, that should be useless to anyone.
- Your back-end would still have to duplicated perfectly for the stolen code to work
So what exactly are you so worried about? I guarantee your project isn't worth so much money that anyone is willing to go through all of this trouble to steal your code.
Developer Relations Manager, Sencha Inc.
Turkiyenin en sevilen filmlerinin yer aldigi xnxx internet sitemiz olan ve porn sex tarzi bir site olan mobil porno izle sitemiz gercekten dillere destan bir durumda herkesin sevdigi bir site olarak tarihe gececege benziyor. Sitenin en belirgin ozelliklerinden birisi de Turkiyede gercekten kaliteli ve muntazam, duzenli porno izle siteleri olmamasidir. Bu yuzden iste. Ayrica en net goruntu kalitesine sahip adresinde yayinlanmaktadir. Mesela diğer sitelerimizden bahsedecek olursak, en iyi hd porno video arşivine sahip bir siteyiz. "The Best anal porn videos and slut anus, big asses movies set..."