-3

Possible Duplicate:
Javascript library: to obfuscate or not to obfuscate - that is the question

Hi, I'm creating a very simple footer zone with a jquery animated drawer and a simple carouseel with a modal to show some products of my store.

Any decent jquery programmer will easily top this, i'm a noob, the problem is that I know my competition very well, the moment they lay eyes on this they will implement the same, I just don't want them to outragely rip off my hard earned code.

I found this javascript obfuscator online:http://www.javascriptobfuscator.com/default.aspx

is it any good?

My question is, although it "obfuscates" the code, its still pretty easy to just donwload the .js file with my code and implement it. Is there a way to make the javascript file not load/work if its not in my domain?

This + the code obfuscation would work really well don't you think? Can you point me out something like this or a simple alternative?

Thanks Best Regards Joricam

Community
  • 1
  • 1
Joricam
  • 2,329
  • 4
  • 18
  • 14
  • 4
    Search for any of the numerous similar questions and read it. Learn that this is effectively impossible and propably not worth the effort anyway. Be enlightened, go home and have a nice cup of tea instead of worrying about this. –  Apr 19 '11 at 03:11
  • Im sorry to tell but that's impossible with how HTML (hyper TEXT markup language) In order for the browser to be able to render content and run the javascript both the HTML and the JAVASCRIPT on every page have to be presented to the browser in a form that the browser can read. The one and only form the browser accepts is text, the same text that your own eyes can read. It's possible to make it hard to read (remove all whitespace, obscure variable names) but it cannot be made impossible to read since the browser needs to be able to read it too!. – lock Apr 19 '11 at 03:15
  • yes i've realized this, thanks, I'll just try to hide it and make it hard to read as much as possible – Joricam Apr 19 '11 at 03:46
  • Please [be nice](http://stackoverflow.com/faq#benice) - bad language is not welcome here. – Justin Apr 19 '11 at 04:12
  • ok I'm sorry about that, I've edited hte post and removed those insinuations, I also promise to rethink my aproach to the members of this forum, especially regarding this example, this is the greatest place on hearth, I'm 24 now and just recently turned again to IT and programming, I wish back then when I was 14 this site existed.. – Joricam Apr 20 '11 at 01:10

4 Answers4

5

One thing to think about. I can simply take your obfuscated/hard to read code and plop it right on my site and boom, it works. This is not like obfuscating PHP code where it requires a tool to decode it, and run. I can take your code as is, and it works fine.

However, if you insist:

I would just use any decent javascript minimizer to make your code harder to read. Not only will this improve the load time of the script, but also make your code harder to read.

I highly suggest something like YUI compressor or Google Closure

Note that I am stating, make it harder to read. Don't bank on this obfuscation idea, as you will not find any good solutions. It is not worth your time.

Mike Lewis
  • 63,433
  • 20
  • 141
  • 111
  • Yes thats my problem! How can I avoid them to just copy paste it? Is there a way to have relative paths or something? – Joricam Apr 19 '11 at 03:19
  • 2
    I hate to break it to you, but there really isn't anything stopping them from copy and pasting it. If they are determined, they can do it. You could potentially put it on the server, and execute it client side. However I can simply load up Firebug and see what you did. – Mike Lewis Apr 19 '11 at 03:22
  • @Joricam The code must run as-is. It'll always continue to run as-is when copy-pasted, as long as the copier takes some care to put everything that is required to make it run in the right directories. Everything that is required to make it run is easy to inspect. You simply can't prevent that, full stop. – deceze Apr 19 '11 at 03:25
  • Yet I am from Portugal and I believe that if someone has to copy something so simple as my jquery code, is because they are so stupid they probably don't even know whats firebug. So please tell me how can I use that technique you described? – Joricam Apr 19 '11 at 03:26
  • I would look at On Demand Javascript, seen here http://ajaxpatterns.org/On-Demand_Javascript – Mike Lewis Apr 19 '11 at 03:27
  • 4
    If they're too stupid to run Firebug, they're too stupid to implement your stolen jQuery code. You're being paranoid. Spend more time developing and less time worrying about what someone else *might* do. – ceejayoz Apr 19 '11 at 03:32
  • like i said, I know them very well, this means, they've done it before and it really sucks because I put a lot of effort and I don't have money so I have to do everything myself, from programming to packaging and shipping boxes and lean jquery at 4.3a.m.... so If I just can delay them its great news for me – Joricam Apr 19 '11 at 03:37
  • can someone tell me whats this? is it another obsfucator or something new? – Joricam Apr 19 '11 at 03:38
  • http://www.microsoft.com/downloads/en/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en#Overview – Joricam Apr 19 '11 at 03:38
  • @Joricam: *Ahem*: "Note that this encoding only prevents casual viewing of your code; it will not prevent the determined hacker from seeing what you've done and how." Note that this is the *second* sentence of the paragraph you linked to. I'm sorry that you don't like this situation, but It.Just.Can't.Be.Done. Not with JS. – Piskvor left the building Apr 19 '11 at 07:16
  • ok guys no problem, I took the general consensus advice here, let them copy it I'll just keep improving and try to keep ahead by inovation instead of locking it up. Best regards. – Joricam Apr 20 '11 at 01:08
4

My question is, although it "obfuscates" the code, its still pretty easy to just donwload the .js file with my code and implement it. Is there a way to make the javascript file not load/work if its not in my domain?

No. There is no technique that is going to prevent a determined competitor from reverse engineering your JavaScript code.

For what you're describing - a drawer and carousel - they likely wouldn't even bother. Plenty of free, open source jQuery plugins that do that are out there. If anything, you're probably reinventing the wheel anyways.

ceejayoz
  • 176,543
  • 40
  • 303
  • 368
  • yes I know but I just want to make it harder for them, so they dont rip off my images / design. If they want one they can make one themselves, I just dotn want to upload this today and see it tomorrow in they're website – Joricam Apr 19 '11 at 03:18
  • What do images and design have to do with jQuery? If they steal your JavaScript code, images, design, etc., it's copyright infringement and they can be sued. – ceejayoz Apr 19 '11 at 03:31
  • not in Portugal... the money I would have to spend because of that doesnt really pays it off and it would take years. Sad country of mine really. – Joricam Apr 19 '11 at 03:35
  • Doesn't really matter. You say in your answer that you're a "noob" and that any decent programmer could do it. There probably exist dozens of plugins that already do what you've coded. Why are you wasting brainpower and time on this when it isn't really a problem? – ceejayoz Apr 19 '11 at 03:43
  • you are right. I'll eveluate priorities but will certainly came back to this later. Thanks for your concern and support! – Joricam Apr 19 '11 at 03:59
1

If you don't want your code to be seen, I suggest placing it all on the server. JavaScript, by design is meant to be client-side, so regardless of what you do, people will still be able to utilize the code one way or another. If you still want to hide the code as best you can, try using Google Closure Compiler.

Shaz
  • 15,637
  • 3
  • 41
  • 59
  • Ok im looking at google closure. What is this? How is it suposed to be used? – Joricam Apr 19 '11 at 03:20
  • It's basically a code minifier. Take a look at: http://closure-compiler.appspot.com/home – Shaz Apr 19 '11 at 03:27
  • yes, its just the same thing like the other obfuscators/whatever, its just that this is made for making code run faster from what I understood – Joricam Apr 19 '11 at 03:35
0

I'm on board with the sentiment expressed by others on this thread: You're wasting your time; what you're trying to protect has very little value and is hard to protect.

To answer your question, however: Use flash or silverlight or some other such technology and put all of your code server side.

Esteban Araya
  • 29,284
  • 24
  • 107
  • 141