3

Possible Duplicate:
How can I obfuscate JavaScript?

Is it possible to make some of Javascript private and confidential so that certain things can remain confidential?

Community
  • 1
  • 1
San Backups
  • 515
  • 9
  • 17
  • 1
    In short: No, any if your system's security depends on hiding the algorithm to hide the secrets (i.e. it "achieves" security though obscurity), it does not offer any security. –  Oct 17 '12 at 02:08
  • 1
    Private to whom (user, 3rd parties), and where (browser, server,etc.)? – Romski Oct 17 '12 at 02:09

2 Answers2

3

If you're asking whether or not you can prevent users from viewing your source, the answer is basically no.

Sometimes you can make it impossible to do right-click / view source, but people could simply use a tool like Firebug.

You can minify your code, but that doesn't hide it. It just makes it harder to comprehend.

jahroy
  • 22,322
  • 9
  • 59
  • 108
  • 3
    Or, you know, just receive the web site from the server and then not interpret it but show it to Mr. Hacker. Which is convenient (and trivial to conceal from the server) via a browser with disabled JS, but anything speaking HTTP 1.1 can do. Heck, I could probably write a Python script in two minutes which does this, de-minimizes the code, and syntax-highlights it. –  Oct 17 '12 at 02:11
  • @delnan - I don't understand your comment at all. Are you saying that _minification_ achieves zero security? If so, I agree. – jahroy Oct 17 '12 at 02:14
  • 1
    I'm re-iterating that all the cute tricks to prevent viewing the source work at browser level and don't fundamentally change the fact that the server is handing out the source code to anyone who asks, in plain (albeit sometimes minimized) text. Even the website owner controlling the browser wouldn't fix it, because a browser is far from the only thing that can get the source code. Yeah, minimization is not a real hinderance either, but at least it destroys a bit of valuable information (like variable names). It helps *more* than intercepting right clicks in JS. –  Oct 17 '12 at 02:16
  • 1
    @jahroy delnan is saying that you don't need a web browser to get the source of a page. You can just use any programming library or network utility that can perform HTTP fetches (and that same utility could also include an de-minification tool). – apsillers Oct 17 '12 at 02:16
  • Ok... Got it. Yes... the basic point I was trying to make was that the answer to the OP's question is..... _NO_ – jahroy Oct 17 '12 at 02:18
2

I think what you are after is encrypting/obfuscating javascript code; you cant avoid but send your JavaScript code to the client.

The best you can do is obfuscate it, which is essentially making it harder to humanly read it. and here the SO reference if you want to go down that path

How can I obfuscate (protect) JavaScript?

I am not sure why you want to do this, is it to protect some of your own code, if so then its ok, but if you are planning on putting sensitive data such as usernames/passwords embeddeed into your javascript then please don't do so, its ok to go to the server to fetch stuff better being secure :-) happy coding.

Community
  • 1
  • 1
Ricky Gummadi
  • 4,559
  • 2
  • 41
  • 67