Protecting your web-app source code

Hi all,

Just looking for some quick opinions from people developing webapps. For webapps there is likely a lot value in the javascript thats available to view in plain text by anyone. Is there any means of protecting your source code from prying eyes? While I have a lot of code server side, if I wanted my app to work offline, I would need to move this client side and I’m concerned about theft of code etc

What are reasonable options to get around this?

  1. Obfuscating the client side javascript code?
  2. Don’t support off-line operation?
  3. Code secrecy is overrated - dont do anything?
    4 …?

I’d love to hear your opinions - thanks!

Don’t bother. If they really wanted your “super-unique-awesome-valuable” code they will get it no matter what lame obfuscating you do. In the end it has to be un-obfuscated to run. Plus that can just copy and paste the code as it and it will still run. So then what?

Thanks for the reply. Let me clarify my question, I’m not really talking just about me as a developer, but rather the general architecture of off-line web applications, particular in light of Google ChromeOS laptops hitting the high street in a few weeks.

The likes of Gmail, Google docs etc will be able to function at some level in an offline capacity - I’m assuming one approach to this, is to use embedded html5 databases to store the user interaction for later sync’ing, e.g. the mail the user is writing offline could be stored in the embedded database and then once the internet connection is re-established retrieve from the local database and sync the appropriate operation (send email etc etc).

If the above is generally the approach one should adopt, it is clear that one needs to assume the client side code is free for everyone to see (although its probably still worth obfuscating the code for speed reasons). Essentially treat it as open-source (licensing and legalities aside). The commercially valuable code needs to stay server-side then?

If those assumptions are correct I’m trying to figure out how this could translate for webapps where user interaction is dependent on the result of previous interaction, for example image editing webapps, audio editing webapps, etc.

Any thoughts regarding that?

It is always better for commercially valueble code to stay server-side.
If you use ajax in your webapp then you can have most of the code on the server. Javascript in there only for communication with server and for displaying the results.