How can we obfuscate JavaScript? [Solved - 5 Solutions]
Problem:
We want to make a JavaScript application that's not open source, and thus we wish to learn how we can obfuscate our JS code.
Is this possible?
Solution 1:
Obfuscation: Try YUI Compressor. It's a very popular tool, built, enhanced and maintained by the Yahoo UI team. We may also use:
Private String Data:
Keeping string values private is a different concern, and obfuscation won't really be of much benefit. Of course, by packaging up our source into a garbled, minified mess, we have a light version of security through obscurity. Most of the time, it's our user who is viewing the source, and the string values on the client are intended for their use, so that sort of private string value isn't often necessary.
If we really had a value that we never wanted a user to see, we would have a couple of options. First, we could do some kind of encryption, which is decrypted at page load. That would probably be one of the most secure options, but also a lot of work which may be unnecessary. We could probably base64 encode some string values, and that would be easier, but someone who really wanted those string values could easily decode them. Encryption is the only way to truly prevent anyone from accessing our data, and most people find that to be more security than they need.
Sidenote:
Obfuscation in JavaScript has been known to cause some bugs. The obfuscators are getting a little better about it, but many outfits decide that they see enough benefit from minifying and gzipping, and the added savings of obfuscation aren't always worth the trouble. If we're trying to protect our source, maybe we'll decide that it's worth our while, just to make our code harder to read. JSMin is a good alternative.
Solution 2:
I'm surprised no one has mentioned Google's Closure Compiler. It doesn't just minify/compress, it analyzes to find and remove unused code, and rewrites for maximum minification. It can also do type checking and will warn about syntax errors. jQuery recently switched from YUI Compressor to Closure Compiler, and saw a "solid improvement".
Solution 3:
Obfuscation can never really work. For anyone who really wants to get at our code, it's just a speed bump. Worse, it keeps our users from fixing bugs (and shipping the fixes back to us), and makes it harder for us to diagnose problems in the field. It's a waste of our time and money.
Talk to a lawyer about intellectual property law and what our legal options are. "Open Source" does not mean "people can read the source". Instead, Open Source is a particular licensing model granting permission to freely use and modify our code. If we don't grant such a license then people copying our code are in violation and (in most of the world) we have legal options to stop them.
The only way we can really protect our code is to not ship it. Move the important code server-side and have our public JavaScript code do Ajax calls to it.
Solution 4:
The problem with interpreted languages is that we send the source to get them working (unless we have a compiler to bytecode, but then again, it is quite trivial to decompile).
So, if we don't want to sacrifice performance, we can only act on variable and function names, e.g. replacing them with a, b... aa, ab... or a101, a102, etc. And, of course, remove as much space/newlines as we can (that's what so-called JS compressors do).
Obfuscating strings will have a performance hit, if we have to encrypt them and decrypt them in real time. Plus a JS debugger can show the final values...
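An added example (not part of the original answers) for the point made in Solutions 1 and 4 that base64-encoded string values in client-side code are easily decoded: a pre-release check, run with Node.js, that lists the quoted literals in a bundle that decode to readable text. The sample bundle, the function names and every value in it are constructed for this illustration.

```javascript
// Added example: audit a shipped bundle for base64-"hidden" string values.
// All names and values below are constructed for this illustration.
const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');

// Constructed stand-in for minified output that "hides" two strings.
const SAMPLE_BUNDLE =
  `var a="${b64('https://api.example.test/v1')}",` +
  `b='${b64('constructed-license-key-0001')}',c="itemList";` +
  'function d(e){return atob(a)+"/items?k="+atob(b)+"&q="+e}';

// Quoted literals made up only of base64 characters, at least 8 long.
const B64_LITERAL = /(["'])([A-Za-z0-9+\/]{8,}={0,2})\1/g;

function findEncodedStrings(source) {
  const findings = [];
  for (const match of source.matchAll(B64_LITERAL)) {
    const literal = match[2];
    if (literal.length % 4 !== 0) continue; // not padded base64
    const bytes = Buffer.from(literal, 'base64');
    // Reject literals that do not round-trip (not canonical base64).
    if (bytes.toString('base64') !== literal) continue;
    // Keep only results that decode to printable ASCII: ordinary identifiers
    // such as "itemList" decode to binary noise and are dropped here.
    if (!bytes.every((byte) => byte >= 0x20 && byte <= 0x7e)) continue;
    findings.push({ offset: match.index, literal, decoded: bytes.toString('latin1') });
  }
  return findings;
}

// Report every literal in the bundle that a reader could decode in one step.
for (const f of findEncodedStrings(SAMPLE_BUNDLE)) {
  console.log(`offset ${f.offset}: ${f.literal} -> ${f.decoded}`);
}
```

Any value this check reports is readable by whoever receives the file, so it belongs on the server rather than in the bundle.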
Solution 5:
A non-open-source JavaScript-based application is fairly silly. JavaScript is a client-side interpreted language. Obfuscation isn't much protection.
JS obfuscation is usually done to reduce the size of the script, rather than "protect" it. If we are in a situation where we don't want our code to be public, JavaScript isn't the right language.
There are plenty of tools around, but most have the word "compressor" (or "minifier") in their names for a reason.