To use an open source language, free community support (and also lecture others what they should answer), open to anyone free articles on the net and then to talk of “working hard” and “don’t want it to be open”, hehe.
If you’re making some kind of point, I’m failing to see it. Except for the fact that everyone but yourself as you’ve just pointed out has been helpful and not here just to waste everyone’s time and antagonize.
You have every right to be here and if you don’t find value in hiding, obfuscating, minifying, compressing or whatever else we may be discussing doing with JS that’s fine and that’s your opinion, but some of us here might find value in such things. I’m not saying I want to hide all my JS or that everyone should, I’m just saying there might be times where it’s useful.
But to be honest your behavior is kind of strange and awkward at this point, you’ve taken some odd personal angle on this thing. Again, no one can tell you that you can’t be here, but I don’t know why you’d bother, it’s like going into a forum discussing different shades of blue just to say you don’t like blue, how is that helpful to anyone?
Anyways, back to the discussion… if anyone’s interested I’ve found a really simple technique to encode and compress your JS:
I recommend backing all your JS files up first.
Then, run your JS through: http://refresh-sf.com/yui/
…then copy the outputted code…
Then, paste and run it through: http://javascriptcompressor.com/
Very simple, very clean… and I’ve even noticed quicker load times through my tests. Of course it can still be decoded, but I still think it can be useful, and apparently Google thinks so too because they use similar methods, what do you guys think?
Thanks
Yeah, I always noticed that with Google too, but I didn’t quite understand why until I started this thread and discussing it.
I think everything has been already mentioned.
PHP is server-side, javascript is client-side.
Anything sent to the client can be kept and analyzed.
You can do things to prevent a direct HTTP request for the file.
You can put legal protection in place.
You can minify and obfuscate the code.
IMHO if you want this code to remain solely yours, do the legal route. And be prepared to take legal action when neccessary.
If you want to make it as hard as possible for others to figure out what you’re doing, minify and obfuscate.
Just a thought:
How about serving your sensitive JS with AJAX, adding it to the DOM (thus not keeping it in a file), then find a way to execute it from there, using non-sensitive JS for this task?
Would this make it harder for somebody to get it?
I never test it thou, I might be wrong.
I was thinking maybe you could license it and charge a fee for those that want to use it. That way any legal expense you encounter prosecuting those violating your copyright would be offset some.
Also, if it is something you’re thinking of distributing it may want to not minify and/or obfuscate it. At least not without providing a “human readable” copy with it. Some may be reluctant to use code they don’t understand as this is commonly used by script-kiddies to hide stolen and sinister code.
[QUOTE=Ulyses;4537953]Would this make it harder for somebody to get it?
QUOTE]
No. The JavaScript still has to be loaded into the browser in order to run and so someone could just make a minor mod to the Ajax code so as to download the script and display it instead of running it.
What is so special about this particular JavaScript?
Does it make me breakfast in the morning?
Otherwise is it really worth the hassle?
To protect insignificance?
The only two reasons I have seen obfuscation used with javaScript are:
-
for scripts you are making available for beginners to use where you want to discourage them from making changes to the part of the script that they shouldn’t need to touch
-
scripts written by beginners who want to hide how badly written their script is.
Neither reason has anything to do with protecting the source from theft or preventing someone from examining the script to see how the particular effect was achieved so they can create their own similar version.
Clarification: At this point, this is simply an open discussion, there is no specific code or file in which I need help hiding. In fact this is mostly a hypothetical I started thinking about; “I want to do this… how or is it even possible?”
I have learned about compressing JS for better load times and wasting less space.
At this point the majority consensus is that nothing done in JS should need to be hidden/secured in the first place, secondly that any attempt to protect JS is merely a deterrent that can easily be broken. I’m mostly in agreeance with this, but I’m still interested to know if perhaps anyone has a valid example of needing to protect JS and having a solid technique to do so.
When such a case occurs, this is when you send data to a server-side script to perform the necessary protected work.
That is the only viable way to ensure a suitable level of protection.
Definitely, and thank you everyone for your helpful knowledge. Feel free to add anything you think was missed. I think we’ve stressed the points as much as is needed for JS usage methods, I’ve learned plenty.
I suppose if the subject ever comes up again on another thread, another forum altogether or if a client asks if their JS can be “protected” in whatever fashion they ask this could be a good source to point them to.
Thanks again.
That’s great to hear. You’ll be please to know too that this thread is also now featured as a “Highlight Forum Discussion” at http://www.sitepoint.com/forums/index.php
You’ll be please to know too that this thread is also now featured as a “Highlight Forum Discussion”
I had to laugh at this. The discussion wrapped up about 20 posts ago, since then it’s been flogging a dead horse
This same topic has been widely discussed and the answer is always the same. There is no way you can protect your javascript form being seen. Even if you change the location every request. Any one can just grab a copy and save it in their machine to analise and maybe hack later. Just like someone said, if you don’t want you javascript to be stolen, don’t put it on the Internet.
I’m not trying to be rude here, I’m just being realistic. You can go through all the methods you want to make it more difficult to find or read, but if someone really wants to get it he/she will and there will be nothing you could do about it.
I wrote this article years ago when I was a noob but I presume it still works 
http://www.developertutorials.com/tutorials/php/hide-your-javascript-with-php-050419/page1.html
So…I only need to access the first page of the site, set the session cookie…good to go downloading the JavaScript complete.
From memory yes, that’s pretty much how it works. Test it and give it a try. If the code in the example doesn’t work let me know and I can relook at it.
Sorry to be so brief, I have to elave the office now My head is fried anyway
Well, it’s a higher wall to jump.
Is there really any good reason to want to obscure javascript scripting, when you can have the server-side script perform completely hidden work instead?
I’m a scientist and believe that full and open disclosure is key to the advancement of knowledge. I have written some code. I know I’m not perfect and that I can make mistakes. By having “open” code I can, and have more than once, get suggestions on how to fix any errors I may have made and on how the code could be improved. It is impossible for me to think of everything and to test for every conceivably possible use senario. That’s what Beta is for.
Nothing personal, but if you think you have something so special, you are probably only fooling yourself. If you strongly believe and are convinced that you do, then IMHO you should not put it online, but license it instead.