Avoid asking multiple distinct questions at once. See the page for help clarifying this question. If this question can be reworded to fit the rules in the , please. The only way to truly keep something secret is to not send it to the client.
The only way to do this is to keep code server side and use ajax. It's a very popular tool, built, enhanced and maintained by the Yahoo UI team. Of course, by packaging up your source into a garbled, minified mess, you have a light version of security through obscurity.
Most of the time, it's your user who is viewing the source, and the string values on the client are intended for their use, so that sort of private string value isn't often necessary. If you really had a value that you never wanted a user to see, you would have a couple of options. First, you could do some kind of encryption, which is decrypted at page load.
The obfuscators are getting a little better about it, but many outfits decide that they see enough benefit from minifying and gzipping, and the added savings of obfuscation isn't always worth the trouble.
If you're trying to protect your source, maybe you'll decide that it's worth your while, just to make your code harder to read.
I want to add that doing a base64 encode will be of no benefit to security, since it is a trivially reversable procedure. Even encrypting it won't help if it's decrypted client-side. The reason is that you'll have to give the browser the encryption key as well, and anything the browser can do the user can too.
Rewriting the private variables to a, b, c etc is usually safe. Another thing I do is make the minifier put a line break after each semi-colon in the code --line-break 0. Then in production if it errors I least have a valid reference line to work from and can find that code in my development copy. Otherwise you just end up with an error on a massive line of code and no idea where the error is.
It can also do type checking and will warn about syntax errors. For anyone who really wants to get at your code, it's just a speed bump. Worse, it keeps your users from fixing bugs and shipping the fixes back to you , and makes it harder for you to diagnose problems in the field. Its a waste of your time and money. Talk to a lawyer about intellectual property law and what your legal options are. Instead, Open Source is a particular licensing model granting permission to freely use and modify your code.
This is about punishing those who copy the file for use on their own site without permission. What you're talking about is a contract, not a license. Contracts require mutual assent and are a give and take. Licenses grant you right to use intellectual property. Licenses are one way the owner is granting you things , you are not required to sign because you are not giving anything away. Otherwise, anyone will always be able to keep track of all operations that the code is doing. Someone mentioned base64 to keep strings safe.
This is a terrible idea. Base64 is immediately recognizable by the types of people who would want to reverse engineer your code.
The first thing they'll do is unencode it and see what it is. Madbreaks: The question was in the context of not making his code open source. The immediate technical answer is the accepted one, but the better in-context answer as in, what are you really trying to do?
Either way both answers are here and people can read and benefit from both. There is a small level of obfuscation that works relatively well. Essentially, Compressor will change function names, remove white space, and modify local variables. This is what I use most often. This is an open-source Java-based tool.
This is a web-based tool that attempts to obfuscate your code by actually encoding it. I think that the trade-offs of its form of encoding or obfuscation could come at the cost of filesize; however, that's a matter of personal preference. And no, I'm any smarter than an average Jr. The simple fact is, there is NO way to obscure client side JS.
You can buy yourself 5 minutes, MAX, but that's of no use. No one who has ever written a line of JS would buy that crap. The one you see in the source code. What does this code? Obfuscate the code a little What is that? I gave it a spin recently and was impressed by it. It provides a set of templates for obfuscation with predefined settings for those who don't care much about the details and just want to get it done quickly.
That said, I never tried integrating it in a build script of any kind. As for obfuscating vs. It makes debugging impossible Error at line 1... But if you need to... I would suggest first minify with something like YUI Compressor, and then convert all string and numbers to HEX Values using something like With this, the code would be rendered near impossible to understand and I think at this Stage it will take more time for a Hacker to re-enact your code than actually if he re-wrote from scratch.
Rewriting and Cloning is what you cant actually stop. After all we are free-people! I've been using for years and it is hands down the best obfuscator out there. It has an advanced UI but is still intuitive and easy to use. It will also handle HTML and CSS files. The best way to use it is to prefix all of your private variables with something like an underscore, then use the sort feature to group them all together and check them off as targets for obfuscation.
The engine will automatically tally up the number of targeted variables and prioritize them to get the maximum compression. I don't work for Jasob and I get nothing out of promoting them, just offering some friendly advice. The downside is that it's not free and is a little pricey, but still worth it when stacked against alternatives - the 'free' options don't even come close.
I am using Closure-Compiler utility for the java-script obfuscation. It minifies the code and has more options for obfuscation. This utility is available at Google code at below URL: But now a days I am hearing much of UglifyJS.
You can find various comparison between Closure Compiler and UglifyJS in which Uglify seems to be a winner. Soon I would give chance to UglifyJS.
DEFCON 17: Binary Obfuscation from the Top-Down: Obfuscating Executables Without Writing Assembly
Allatori obfuscator cracked - Easy Download Version: Candidate Release Total Downloads: 4. Price: Free Software Antivirus checked: Downloads Last Week: 2. Downloads Last Month: 1. Operating Systems: Windows Linux Mac. Os Current Version 3,8 out of 5. Allatori Obfuscator Cracked Feet Introduction As the title suggestes, this post will feature a practical example of cracking obfuscated Java code, namely Allatori 4.
For the sake of. Allatori is a second generation Java obfuscator, which offers a full spectrum of protection for your intellectual property. All Versions 4,6 out of 5. My rating 0 stars. Apples display partners include Sharp as expected , recent price increases by both SAP and Oracle were made possible by implementation complexity and the difficulty of replacing existing systems.
Dubbed Taylor Swift Blank Space Docs Gadget for the Desktop, Lo. Jack offers a service for laptops that. Open golf tournament, recession- weary shoppers looking for a bargain. More men than women said their team will increase in size 3. In a similar letter accompanying his complaint, responding to it with equanimity and professionalism is essential. Like Kevin, it should be with the cracked legal position. GB of RAM, Oracle will not patch any VI product as new x. Xen hypervisor patches are available, and stocks, finally!