12 Jan 2011 3:59 AM #1
Hello to everyone,
In my project, I need to obfuscate my scripts. While I was searching I found some useful tools except YUI Compressor that does this but I just want to learn how can I also hide my script code from Firebug? Are there anyone who knows a way to do this?
Thanks in advance..
12 Jan 2011 4:06 AM #2
It can't be done, and anyone claiming they can is selling you snake oil.
Also, it doesn't need to be done. Obfuscation is usually needed for two reasons: (1) security, and (2) management fear of stolen code.
- Security is a bad reason because this points to mistakes made in the security architecture of the application, so the developer is at fault for thinking they need the obfuscator in the first place.
12 Jan 2011 4:23 AM #3
I need this in order to prevent code stealing. As I know 'minify' just compresses the code; but it is still readable without using anything. I need to 'pack'(compress + obfuscate) my scripts. I do all security stuff at server-side..
12 Jan 2011 7:38 AM #4
Why do you think people would steal your code?
12 Jan 2011 7:41 AM #5
Actually this is not just I want. This is also what the people that is going to use it wants.. I think there are many people who wants this, otherwise there wouldn't any obfuscating tools..
12 Jan 2011 9:18 AM #6
If you don't want your code to be stolen, don't send it to the user's browser. Period. Obfuscating tools might make it more difficult for someone to figure out/steal your code, but that will only slow down a determined attacker - not stop them.
12 Jan 2011 11:25 AM #7
12 Jan 2011 12:14 PM #8
Preventing people from stealing your JS code by obfuscating it, is simply not possible. The obfuscation apps out there will only make the code temporarily unreadable and somewhat difficult to disassemble, nothing more.
If your app is going to be on the net for everyone, I would suggest to think about the data that your app is exposing on the browser and minimize the amount of unnecessary data if possible. This is one of the reasons why "select * from table"->json->Ext.data.Store is a bad idea
On top of that, I would do the data validation on the server as much as possible. This way you can minimize the risk of executing "disabled" functionality from the firebug console.
But usually the problem is not the code or how much of the code is exposed in the browser, the real question is whether you can trust the users of your application. To my experience solving this kind of problems starts at much higher level in the organization than at the very end at the code level.
my 2 cents..... I hope it helps.
13 Jan 2011 7:37 AM #9
* Remove comments and whitespace
* Obfuscate names.
And for the last option it says: Warning! Use this option with caution. For example, automatic renaming of global or interface variables may cause a script malfunction, so in most cases it requires manual renaming.
Which really means: it doesn't work.
13 Jan 2011 8:46 AM #10
As has been said before, the odds of anyone "stealing" your code and actually making use of it are pretty much nil.
Think of it this way... even IF someone goes to the trouble of copy/pasting your code (whether it's minified, obfuscated, or neither), the only thing they've done is copy your client-side logic.
In 99% of cases, that should be useless to anyone.
- Your back-end would still have to duplicated perfectly for the stolen code to work
So what exactly are you so worried about? I guarantee your project isn't worth so much money that anyone is willing to go through all of this trouble to steal your code.Arthur Kay
Developer Relations Manager, Sencha Inc.
Twitter | Sencha Chicago User Group
By cracra in forum Community DiscussionReplies: 2Last Post: 6 Jan 2010, 12:51 AM
By stevebla in forum Ext 3.x: Help & DiscussionReplies: 5Last Post: 28 Sep 2009, 12:12 PM
By deanoj in forum Community DiscussionReplies: 4Last Post: 20 May 2008, 3:49 PM
By jonathanv in forum Ext 1.x: Help & DiscussionReplies: 6Last Post: 30 Jul 2007, 8:38 AM