-2

I am developing a system with JavaScript, which I want to let it work only on common web browsers (like IE9, Firefox, Chrome, Safari, Opera, ...).

First, I've compressed my code using Closure library+Closure compiler with the ADVANCED_OPTIMIZATION option, generating a code which slightly looks difficult to understand. Unfortunately, the codes can easily be converted to something beautiful (and readable) by using tools like this.

Second, I've chosen algorithms which are easy to read, but difficult to understand. For example, scripts that are decoding Reed-Solomon codes may be difficult to understand for those who has never developed such kind of algorithms before. Of course this solution is not perfect, because ones who have deep knowledge to Reed-Solomon codes may figure out what's written inside, even if the code is compressed and has no comments.

But the major problem is that my complicated code may run easily just by copying-pasting to Non-Web browser javaScript environments like Rhino+env.js, PhantomJS, and so on.

Please teach me the usable techniques to let my code ignore non-web browser environments, if there are .

Izumi Kawashima
  • 1,197
  • 11
  • 25

3 Answers3

3

I don't really understand the point of this question, but it sounds like your worry is that you don't want people to steal your JS that you return as part of your site.

If that's the case, there is only one real solution: do the work on the server.

jcvandan
  • 14,124
  • 18
  • 66
  • 103
2

You can make it hard to run the code but in the end, it's source code that you give to the world. Any kind of obfuscation and encryption must be reversed before the browser can execute it which means that anyone can eventually reverse engineer the code.

If you don't want this / can't have it, then the browser isn't a suitable tool for you. You can try to write a desktop application or build an appliance (= code which is protected by hardware) but that just raises the bars for reverse engineering. People do grind off the cover off chips to find out how they work.

From my experience, you can make it somewhat hard to "steal" your valuable data but you can't prevent it. Other downsides that you should take into account:

  • Paying customers will be offended by bugs and limitations that you impose on them (pirates will simply remove your copy protection).
  • Hollywood spent millions of dollars in DVD CSS and HDMI. Both protection systems were circumvented in a relatively short time. How much money do you plan to spend?
  • Maybe your time and energy is spent better on providing a better service to customers so they don't feel any need to "steal" from you.
Aaron Digulla
  • 321,842
  • 108
  • 597
  • 820
0

Add this to the beginning of your script:

if(typeof window === 'undefined')
  throw new Error('This script is meant to run in a web browser');

Obfuscate it as you see fit.

If you are doing this for security purposes it is a pointless endeavour. Everything you do in Javascript running on the users' browsers can be read and modified by the users. Not only that, but it is very easy for them to do so. Any data you don't want the users to see should not be sent to their browser at all. All processing should be done server-side.

Paul
  • 139,544
  • 27
  • 275
  • 264
  • The window object will still exist in PhantomJS, but then again, PhantomJS is a browser, so I don't know what this dude is getting at... – jcvandan Oct 16 '13 at 15:40