Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 15 of 15
  1. #1
    Senior Coder o0O0o.o0O0o's Avatar
    Join Date
    Jan 2008
    Location
    C:\Windows\System32
    Posts
    1,018
    Thanks
    19
    Thanked 9 Times in 9 Posts

    Lightbulb hiding javascript code

    Is it possible to hide the javascript code in the browser.
    When person view source the html page , all the javascript function stay there as it is . Any person can see whats happening like variabble name
    etc.

    how can we prevent that?
    Please de-reputate me
    © 0o0o0o0

    Its better to rule in Hell then to serve in Heaven

  • #2
    Regular Coder mjlorbet's Avatar
    Join Date
    Jan 2008
    Location
    Milwaukee, WI
    Posts
    724
    Thanks
    8
    Thanked 96 Times in 95 Posts
    move your code into an external file. if you're looking for being able to explore your javascript's values as it's running, try using opera or another browser that allows you to browse the DOM for the page that's loaded. in opera at least, there is a tab nead the DOM view tab named JS which allows you to inspect your declared functions and variables (along with the values stored in those variables). there isn't really a way to prevent the user from seeing the code at all, but there are tools out there which will help you to obscure your source if you don't want the user to understand what the code does.
    -Mike
    "Want me to precludify him, like some kind of dispatcherator?... Can do!" -Bender

  • #3
    Senior Coder o0O0o.o0O0o's Avatar
    Join Date
    Jan 2008
    Location
    C:\Windows\System32
    Posts
    1,018
    Thanks
    19
    Thanked 9 Times in 9 Posts
    Even if i move them to external file user can still dowload that external JS file and then downlaod it
    Please de-reputate me
    © 0o0o0o0

    Its better to rule in Hell then to serve in Heaven

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,865
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #5
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,302
    Thanks
    203
    Thanked 2,561 Times in 2,539 Posts
    Quote Originally Posted by o0O0o.o0O0o View Post
    Even if i move them to external file user can still dowload that external JS file and then downlaod it
    Yes. For the zillionth time, you cannot prevent a determined user from reading the source of your Javascript or HTML files. They are already in his computer. The best you can do is use obfuscating techniques, which may or may not defeat the moderately determined user. These techniques may also server to obfuscate the code from you as well!

    Why do you want to hide your .js? I doubt if your code is so marvellously clever that others would want to steal or re-use it.

    The same applies to the issue of "stealing" images. The short answer is if you do not want people to have access to your code or images, don't upload it to the web in the first place.

  • #6
    Senior Coder o0O0o.o0O0o's Avatar
    Join Date
    Jan 2008
    Location
    C:\Windows\System32
    Posts
    1,018
    Thanks
    19
    Thanked 9 Times in 9 Posts
    Quote Originally Posted by abduraooft View Post
    Read that thread , so i can't protect the code.

    What is ionCube , i have heard about it but never used it . Can it be helpful in this case or not
    Please de-reputate me
    © 0o0o0o0

    Its better to rule in Hell then to serve in Heaven

  • #7
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,302
    Thanks
    203
    Thanked 2,561 Times in 2,539 Posts
    You would have fewer red blots if you asked fewer questions where making use of Google or the search facility in this forum would quickly give you the answer. Don't be helpless!

    ionCube is an encrypter for PHP (a server-side language) and not JavaScript (a client-side language).

    http://www.ioncube.com/sa_encoder.php

  • #8
    New Coder
    Join Date
    Jan 2008
    Posts
    11
    Thanks
    1
    Thanked 0 Times in 0 Posts
    There are about 6 different obfusication utilities out there. Just do a google search for a while. I tried the a few free ones, and downloaded commercial versions. They all promised to obscure the code, and it looked like it would do a good job of making it very difficult to read, not fool proof, a definite layer of protection. The problem I ran into is that I could not get a single one of them to run reliably. I tried each level of obfusication, and none of my code would work the same afterwards. A fairly expensive commercial app that will come in at the top of your searches was very buggy. After several hours of messing around I decided it wasn't really worth it.

  • #9
    Kor
    Kor is offline
    Red Devil Mod Kor's Avatar
    Join Date
    Apr 2003
    Location
    Bucharest, ROMANIA
    Posts
    8,478
    Thanks
    58
    Thanked 379 Times in 375 Posts
    For each "encrypting" application will appear, the very next second, an "unencrypting" one. Forget it
    KOR
    Offshore programming
    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

  • #10
    Senior Coder o0O0o.o0O0o's Avatar
    Join Date
    Jan 2008
    Location
    C:\Windows\System32
    Posts
    1,018
    Thanks
    19
    Thanked 9 Times in 9 Posts
    I agree that whatever we try we can't hide the code . What about if we want to
    encrypt or hide only 1 line.

    I don't want to make visible the path of JS file . So may be hdidng one line of code is possible. something like

    puting js source in php include and the calling functions (just wild guess )
    Please de-reputate me
    © 0o0o0o0

    Its better to rule in Hell then to serve in Heaven

  • #11
    Regular Coder mjlorbet's Avatar
    Join Date
    Jan 2008
    Location
    Milwaukee, WI
    Posts
    724
    Thanks
    8
    Thanked 96 Times in 95 Posts
    if anything you do in php is accessible through the page (ie, having the ability to call a function, or execute a line of code) it will actually be written to the page. if you want to get sneaky, what you do is this.

    1. write your page normally, without the script.
    2. include an ajax script in your page
    3. use that ajax script to call a new php page you will write
    4. have that php page redirect to the javascript you want to include (.js file)
    5. use eval on the responseText property of your ajax request when it has completed

    this will import the script into the page without the user being able to go "view source" and see it, but the file will be in their cache, as well as the fact that anyone with opera or firefox (or ie8) can open the page as a running object, meaning they can see the dynamically generated html, what js functions/variables are defined, etc. so it's a losing battle, but you could do it that way.
    -Mike
    "Want me to precludify him, like some kind of dispatcherator?... Can do!" -Bender

  • #12
    Senior Coder o0O0o.o0O0o's Avatar
    Join Date
    Jan 2008
    Location
    C:\Windows\System32
    Posts
    1,018
    Thanks
    19
    Thanked 9 Times in 9 Posts
    I will try that but i think it will complicate the things for no reason . Thanks guys
    Please de-reputate me
    © 0o0o0o0

    Its better to rule in Hell then to serve in Heaven

  • #13
    Kor
    Kor is offline
    Red Devil Mod Kor's Avatar
    Join Date
    Apr 2003
    Location
    Bucharest, ROMANIA
    Posts
    8,478
    Thanks
    58
    Thanked 379 Times in 375 Posts
    Yes, that trick should do for the low/medium skilled users. But even so, the FF Firebug and the IE7 Developer Bar will still be able to display the JS code, even if it is dynamically generated, because the code is loaded in the cache as well.

    You see, there is a paradoxical situation. You can "hide" (or at least crypt) the client-side code from unskilled users, but the unskilled users usually don't try to see it or use it because they don't understand any language anyway. The only people who might be interested in your code are skilled in programming languages, and you can hide nothing from them because they are skilled. Moreover, usually the skilled people don't need your code, because professionals know that is easier to make a code of your own than to modify someone else's code. So they will not be interested, same as the unskilled. Now the question is: why to hide the code when 9/10 of the users don't understand your code and 1/10 of them don't want your code?

    So that, in my opinion, it is a waste of time to try to hide the HTML/Javascript source code.

    The only absolute secure way to hide a client-side application is to... use a server-side code instead
    Last edited by Kor; 05-02-2008 at 07:23 AM.
    KOR
    Offshore programming
    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

  • Users who have thanked Kor for this post:

    Philip M (05-02-2008)

  • #14
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    Quote Originally Posted by Kor View Post
    Now the question is: why to hide the code when 9/10 of the users don't understand your code and 1/10 of them don't want your code?
    I'm betting it's because of this:

    Quote Originally Posted by o0O0o.o0O0o
    What about if we want to
    encrypt or hide only 1 line.
    Only reason that comes to mind to hide a single line of code is password. And, of course, passwords in javascript are a bad idea.

  • #15
    Regular Coder mjlorbet's Avatar
    Join Date
    Jan 2008
    Location
    Milwaukee, WI
    Posts
    724
    Thanks
    8
    Thanked 96 Times in 95 Posts
    in my adventures trying to fix the most poorly structured system i've ever seen, i've actually come across a way to do some hiding. nest framesets within pages loaded within frames, within frames... etc. also, be sure to use code that generates at least 700 validation errors. append your code within one of the lowest level frames & reference it. granted it won't work (the script) but no one will be able to see what it would do, should it have decided to work.

    i hate life.
    -Mike
    "Want me to precludify him, like some kind of dispatcherator?... Can do!" -Bender


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •