How to protect javascript

Forum Moderators: open

Message Too Old, No Replies

How to protect javascript

Rolozo

2:03 pm on Nov 19, 2005 (gmt 0)

if we save web "save as" all the javascripts are copied on our hard disk as well.
But i want to protect my javascript from copying.
How can i protect javascript running on my website?

sullen

2:42 pm on Nov 19, 2005 (gmt 0)

you can buy encryption programmes for this. You'll need to test in all browsers (Safari often has problems for example). Search for javascript encryption

Alternatively you can render your code very difficult to edit by changing variable names and removing all line breaks.

NB you can't actually stop the script from being saved onto the user's hard disk though or it wouldn't run.

JAB Creations

9:29 am on Nov 20, 2005 (gmt 0)

If it is clientside I can get a hold of it PERIOD.

Now I have seen some sort of encryption method used. I understood that though I did not understand how to read or convert it. Yet the browser still executed the script.

httpwebwitch

1:40 am on Nov 23, 2005 (gmt 0)

two steps:
1) write in a condition that looks at the URL


var domainname = location.href;
if (domainname.indexOf("mywebsite.com")>0){
 dostuff();
}

2) obfuscate the heck out of the code until it's so unreadable that no one would ever bother stealing it.

People are tired of arguments why it's impossible to "protect" client-side code. And I'm tired of explaining it. Still, sometimes you get birdbrained suits who a) don't understand and b) won't liten, and to appease them try the methods above.

When they see the obfuscated javascript, tell them that it's "encrypted" using a fantastic government algorithm.

Use the word "algorithm" a lot. they like that.

good luck

httpwebwitch

1:46 am on Nov 23, 2005 (gmt 0)

the best JS "encryption" usually involves turning the entire script into one long string, and mangling it with some kind of simple cipher.

The executable script uses a build-in decoder, then runs the result through exec()

madmac

4:10 am on Nov 23, 2005 (gmt 0)

Even if you can reverse "encrypted" javascript, it does help thwart casual stealing. Someone is only going to bother decrypting it if they really want it, even if it is easy to do, because lets face it, we are a pretty lazy species ;)

Removing whitespace, encrypting, etc also has a very beneficial side to it though that has nothing to do with preventing piracy: It makes the file size alot smaller. This is really quite handy if you have a large javascript library.

Dean Edwards's Javascript Packer [I know no URLs, but that should be enough info to hep you find it] can really squash stuff down... often it will reduce the size by over 50%. One note on his packer, I've had some troubles sometimes with the lower encoding settings running in Safari, but it works fantastic on the "High ASCII" setting.