This article was provided by JScrambler. Thank you for supporting the partners who make SitePoint possible.
When added together, this makes for a huge boost in development potential. People who have great ideas for applications don’t necessarily need to be developers or hire developers in order to make those ideas a reality.
Of course, this ease of development also increases the risk of security vulnerabilities, since these libraries can be included and used without knowing what’s really going on under the hood.
Server-side hosting. Traditionally, code protection meant storing as much code on the server as possible. This kept your code safe from prying eyes, and it also allowed the server to do the heavy lifting, performance-wise.
This still holds true today, but it’s far from a one-size-fits-all solution. Storing your code on the server certainly does offer the best protection, but it also has some disadvantages.
One downside is that it requires an internet connection. This isn’t always a problem, but it’s not feasible if you’re developing an application you want to work offline.
Another consideration is performance. Server calls take time. This isn’t a huge issue for simple apps, but it may be one for high-performance apps like games, where excessive latency can ruin the user experience.
Why encryption won’t work. An inevitable question that many ask is, “Why can’t I just encrypt my file?” This is a great thought. Really. The problem is that it doesn’t quite work that way. You can encrypt the files, but then they won’t be of any use to the browser. You’ll need to decrypt them to make them readable to the browser, putting you back to square one.
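The round trip described above, as an added example that is not part of the original article: a script is encrypted with AES-256-GCM at build time, but the bundle sent to the client has to carry the key, so the loader's own decrypt step returns the full source. The function names, the bundle layout and the sample script are assumptions made for this illustration, and it runs under Node.js.

```javascript
// Added example: encrypting client-side code gives no confidentiality,
// because the client needs the key. All names here are hypothetical.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")                    // CommonJS
  : process.getBuiltinModule("node:crypto");  // ES modules on recent Node

// Build step (publisher side): encrypt the script source.
function buildBundle(source) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(source, "utf8"), cipher.final()]);
  // Every field below must be delivered to the browser, or it cannot run the code.
  return {
    key: key.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ciphertext: ciphertext.toString("base64"),
  };
}

// Loader (client side): the script can only execute after it is decrypted.
function decryptBundle(bundle) {
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm",
    Buffer.from(bundle.key, "base64"),
    Buffer.from(bundle.iv, "base64")
  );
  decipher.setAuthTag(Buffer.from(bundle.tag, "base64"));
  const plain = Buffer.concat([
    decipher.update(Buffer.from(bundle.ciphertext, "base64")),
    decipher.final(),
  ]);
  return plain.toString("utf8");
}

// Constructed sample standing in for proprietary client-side logic.
const SAMPLE_SOURCE = "function price(qty) { return qty * 4.2 + 1; }\nprice(10);";

function demo() {
  const bundle = buildBundle(SAMPLE_SOURCE);
  // Using only what was shipped, the loader's routine yields the source text.
  const recovered = decryptBundle(bundle);
  // Withholding the key hides the source, but then the client cannot run it.
  let runnableWithoutKey = true;
  try {
    decryptBundle({ ...bundle, key: nodeCrypto.randomBytes(32).toString("base64") });
  } catch (err) {
    runnableWithoutKey = false; // GCM authentication fails under a wrong key
  }
  return { recovered, runnableWithoutKey };
}
```

The strength of the cipher is irrelevant here: the weakness is that the key and the decrypt routine travel with the ciphertext.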
When you add all this together, it makes for a pretty big source code playground for would-be hackers to play around in.
Obfuscation is the process of methodically going through your code, transforming and rearranging it, with the goal of making it virtually impossible to read and understand with the naked eye while preserving its functionality. (Note: minification is different from obfuscation; you can easily retrieve the original code from minified code.)
With the dozens of obfuscation programs to choose from, how do you choose one that is right for you? Here are some things to consider when choosing.
Download source. Possibly the most important consideration is the source you’re downloading the software from. And this particular piece of advice should apply to pretty much anything that you download from the Web. Always check the reputation of where you’re downloading from.
If he hadn’t de-obfuscated the code to see what was really going on, he never would’ve noticed it. The moral of the story: Always be skeptical about where you download your software from.
Compatibility. The next most important feature to look for is compatibility. Make sure that whichever program you choose is compatible with any libraries you may be using. If you don’t, the code it outputs may not work anymore, and you might spend more time than you’d like tracking down and fixing errors.
- performance optimization through minification
- dead code insertion
- function outlining
- browser and domain locking
- expiration dates on code functionality