I am building a web application for a company so they can test the app on a control group of people to see if they would like to try funding the app. Funding beforehand is not an option, however I would like to keep the code somewhat private, so that someone from an IT team can't just easily download all the app files and claim it as theirs. I have researched a little but also found little on what can be done to protect the files for the app which are written in javascript, html, css, ect. basic web development languages. i was just curious if anyone knew of a way to somehow protect these files if it is even possible. I'm not against sharing my code, however for a business opportunity I prefer that it remain private for the time being.
-
Use `grunt` or `yeoman` to setup anything for you, including css/js minify. In fact, all tools can only make your code a mess, so that people can't read directly. However, they can always work out with patient. – Kroderia Jul 01 '16 at 00:20
-
No, it's not possible. You can move the bulk of the logic over to a server though. – Marty Jul 01 '16 at 00:20
-
Ya i have heard of doing that. I'm not entirely educated on the process of retrieving it though. I suppose I could look into that as well – Pixelknight1398 Jul 01 '16 at 00:21
-
I would recommend simply not developing enough of the app so that stealing what you developed is not very productive. Don't develop a whole app without being paid, just make a prototype. – Alexander O'Mara Jul 01 '16 at 01:08
-
I had made the prototype originally and presented it in a video. However now they want to test it and it has to be deployable. – Pixelknight1398 Jul 01 '16 at 02:21
2 Answers
This question has been answered before: How can I obfuscate (protect) JavaScript?
But anyway, here's my take on the question:
You don't need to protect your HTML/CSS code, unless that aspect of the app is what is so proprietary. If that is so, obfuscate your code (there are many websites online that will do this for you).
From the information you gave me, I can infer that it's not the styling or the UI you want to protect, it's the application's logic. In that case, you can obfuscate and then minify the JS code such that it's very hard to deconstruct (although some web browsers do pretty-print the code). To see an example of this, go to Google, open the dev tools, and look at any JS file under the Sources.
I also saw another interpretation to your question. If you meant "to protect the application from being downloaded and then reuploaded", that sadly isn't possible with web apps (unless you explicitly check the domain that the app is running on and restrict the app from running on domains other than yours).
An implementation of the domain-protection would look something like this:
if (window.location.hostname !== "yourwebsite.com") {
alert("Invalid domain, redirecting to official app...");
document.location = "http://www.yourwebsite.com/app/";
}
After adding this protection, you can stop it from being removed by minifying and obfuscating the JS code.
-
I was just about to comment the previous questions by saying that minifying the code is pretty useless because of chrome pretty-print – iomv Jul 01 '16 at 00:17
-
Yes, that's true, but obfuscation still makes life difficult for people who try to reverse engineer, so that may be an option for the OP. – Aditya R Jul 01 '16 at 00:18
-
-
Obfuscating *before* minifying would probably be counter-productive. – Alexander O'Mara Jul 01 '16 at 01:04
For the css and Js a lot of people use minification. This makes your code really hard to read and finding the business logic in your code. As for the HTML you could uglify it. There is no real way to hide HTML,CSS, JS in your browser because the browser dev tools would reveal all of the code. There are only ways to make it unreadable.
JS minification tool : https://javascript-minifier.com/ Css minification tool : https://cssminifier.com/
https://developers.google.com/speed/docs/insights/MinifyResources
- 75
- 1
- 11