Welcome to WebmasterWorld Guest from 54.167.83.224

Forum Moderators: open

Message Too Old, No Replies

How to protect javascript

     
2:03 pm on Nov 19, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Aug 20, 2005
posts:131
votes: 0


if we save web "save as" all the javascripts are copied on our hard disk as well.
But i want to protect my javascript from copying.
How can i protect javascript running on my website?
2:42 pm on Nov 19, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Apr 4, 2003
posts:410
votes: 0


you can buy encryption programmes for this. You'll need to test in all browsers (Safari often has problems for example). Search for javascript encryption

Alternatively you can render your code very difficult to edit by changing variable names and removing all line breaks.

NB you can't actually stop the script from being saved onto the user's hard disk though or it wouldn't run.

9:29 am on Nov 20, 2005 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 26, 2004
posts:3143
votes: 12


If it is clientside I can get a hold of it PERIOD.

Now I have seen some sort of encryption method used. I understood that though I did not understand how to read or convert it. Yet the browser still executed the script.

1:40 am on Nov 23, 2005 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


two steps:
1) write in a condition that looks at the URL


var domainname = location.href;
if (domainname.indexOf("mywebsite.com")>0){
dostuff();
}

2) obfuscate the heck out of the code until it's so unreadable that no one would ever bother stealing it.

People are tired of arguments why it's impossible to "protect" client-side code. And I'm tired of explaining it. Still, sometimes you get birdbrained suits who a) don't understand and b) won't liten, and to appease them try the methods above.

When they see the obfuscated javascript, tell them that it's "encrypted" using a fantastic government algorithm.

Use the word "algorithm" a lot. they like that.

good luck

1:46 am on Nov 23, 2005 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


the best JS "encryption" usually involves turning the entire script into one long string, and mangling it with some kind of simple cipher.

The executable script uses a build-in decoder, then runs the result through exec()

4:10 am on Nov 23, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 27, 2003
posts:156
votes: 0


Even if you can reverse "encrypted" javascript, it does help thwart casual stealing. Someone is only going to bother decrypting it if they really want it, even if it is easy to do, because lets face it, we are a pretty lazy species ;)

Removing whitespace, encrypting, etc also has a very beneficial side to it though that has nothing to do with preventing piracy: It makes the file size alot smaller. This is really quite handy if you have a large javascript library.

Dean Edwards's Javascript Packer [I know no URLs, but that should be enough info to hep you find it] can really squash stuff down... often it will reduce the size by over 50%. One note on his packer, I've had some troubles sometimes with the lower encoding settings running in Safari, but it works fantastic on the "High ASCII" setting.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members