1. #1
    tBSTAR

    Code Security

    Hi,

    I have seen people putting samples out there with business logic, but how can you actually avoid doing that? I could in fact open their JS and see their code, so how would you not show it?

  2. #2
    deccard

    Personally, all my BL is executed in PHP libraries on the server; any information passed to the browser/client is just data. All my JavaScript/browser code is just processing pretty GUI interfaces for the data.

    I would steer clear of trying to use any sensitive BL on the client. As far as I know there's no real safe way to do this outside of getting into custom clients/ActiveX, but I could be wrong.

    Martin.

  3. #3
    hendricd (Sencha - Community Support Team)

    The best you could achieve is a combination of the following:

    1) source obfuscation
    2) load business logic via Ajax (and eval it)
    3) and hope they don't know how to use yourFunction.toSource()/toString().

    "be dom-ready..."
    Doug Hendricks


  4. #4
    willgillen

    hendricd wrote:
    > The best you could achieve is a combination of the following:
    > 1) source obfuscation

    I've seen some people using pretty good JS obfuscation.
    Do you have any examples of how to do good obfuscation?

    hendricd wrote:
    > 3) and hope they don't know how to use yourFunction.toSource()/toString().

    That is funny!

  5. #5
    jay@moduscreate.com

    I've read a few books on website hacking; it can be difficult to keep your code away from peering eyes. It's sooo easy to dissect a dynamic page with Firebug.

  6. #6
    tBSTAR

    Thanks for the feedback, guys.
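
The point made in posts #2 and #3, as an added example that is not part of the original thread: logic delivered to the browser and eval'd can be read back with `toString()`, while a rule kept on the server is never sent at all. The names `fetchedLogic`, `priceFn`, `recoverSource`, `serverQuote` and the pricing rule itself are hypothetical and constructed for illustration.

```javascript
// Constructed sample: "business logic" as it might arrive in an Ajax response,
// with minified names standing in for obfuscation.
const fetchedLogic =
  "(function(q,t){var m=t==='gold'?0.7:0.95;return Math.round(q*1999*m)})";

// Option 2 from post #3: eval the fetched text into a live function.
const priceFn = (0, eval)(fetchedLogic);

// Option 3 from post #3: any function object hands its source text back.
function recoverSource(fn) {
  return Function.prototype.toString.call(fn);
}

// What post #2 describes instead: the rule lives only on the server and the
// browser receives data. serverQuote stands in for a server-side handler.
const SERVER_RULES = {
  unitCents: 1999,
  tierMultiplier: { gold: 0.7, standard: 0.95 },
};

function serverQuote(request, session) {
  // Only the quantity is taken from the client. A price or tier sent by the
  // browser is ignored; the tier comes from the server-side session.
  const qty = Number.isInteger(request.qty) && request.qty > 0 ? request.qty : null;
  if (qty === null) return { ok: false, error: "invalid quantity" };
  const m = Object.hasOwn(SERVER_RULES.tierMultiplier, session.tier)
    ? SERVER_RULES.tierMultiplier[session.tier]
    : SERVER_RULES.tierMultiplier.standard;
  return { ok: true, totalCents: Math.round(qty * SERVER_RULES.unitCents * m) };
}

// The client-side copy exposes the multipliers and unit price verbatim.
console.log(recoverSource(priceFn));
// The server response carries only the result, and the forged fields had no effect.
console.log(serverQuote({ qty: 3, tier: "gold", totalCents: 1 }, { tier: "standard" }));
```
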