0

I have many CSS and JS files, and I'm afraid the code is not secure. I got a solution from other people to make my CSS and JS files secure; they say "you must compress the file so it becomes .min". Can I make all my CSS and JS files into .min? And is it normal to change all my CSS and JS files into .min to secure them? Thank you.

Alif
  • 93
  • 7
  • 3
    Possible duplicate of [What is the security of javascript minification](https://stackoverflow.com/questions/22669754/what-is-the-security-of-javascript-minification) – Phil Mar 06 '20 at 01:41
  • Let me get this straight. You are sending your entire application to the Browser, its source code, and the browser has to be able to read, understand and execute that code. The best you can do is obfuscate your code. But with every measure you take to "encrypt" your code, you need to include the decoder into the script. – Thomas Mar 06 '20 at 01:55
  • What decoders should I include? – Alif Mar 06 '20 at 02:07
  • 1
    I think you need to take a step back and define what you mean by secure. Are you talking about people "stealing" your code or are you talking about your site being valuable to malicious attackers? – volt Mar 06 '20 at 02:12
  • I want to secure my code against something like that: people stealing, malicious attackers, etc. – Alif Mar 06 '20 at 02:15
  • 1
    There are a lot of ways to make your code more difficult to read, but honestly it's pointless. Anyone determined enough will get to it. If you don't want people to look at your JS, server-side rendering is your best bet. I wouldn't bother with keeping CSS "secure". If you're concerned about your site being valuable then that's too big of a topic to cover in a comment, but I would recommend looking into CSP for a start. – volt Mar 06 '20 at 02:20

1 Answer

1

Minification is not used to secure code; this is a misunderstanding. It removes whitespace and compresses your code at best. This is purely done for performance reasons and has nothing to do with security.

Give it a try with your css or javascript at https://www.minifier.org/ and you'll see.

rx2347
  • 1,071
  • 1
  • 6
  • 26
  • Oh I understand, minification only makes misunderstanding and doesn't make code secure. How can I secure CSS and JS? Is it enough to use minification on my files? – Alif Mar 06 '20 at 01:57
  • 1
    Minification is enough. You can't secure CSS and JavaScript code that gets sent to a browser. – rx2347 Mar 06 '20 at 01:59
  • 2
    Just don't put sensitive info in your client side files. It's unclear what your motivation is to secure your files, but if someone really wants to get your client file and de-minify it, they will. Not a lot you can do to stop that. – mwilson Mar 06 '20 at 01:59
  • For example, I have CRUD code. Is it normal if I minify that code? And is it a risk to minify my code? – Alif Mar 06 '20 at 02:05
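
An added example, not part of the original thread, illustrating the answer's point that minification only strips whitespace and renames locals, and mwilson's advice to keep sensitive values out of client-side files. The sample sources, the placeholder key and the heuristic patterns are constructed assumptions; the check can be run over a bundle before it is deployed.

```javascript
// Constructed sample: a small client-side function with an embedded value.
const original = `
// talk to the backend
function saveUser(user) {
  const apiKey = "EXAMPLE-KEY-not-a-real-secret-0000";
  return fetch("/api/users/save", {
    method: "POST",
    headers: { "X-Api-Key": apiKey },
    body: JSON.stringify(user)
  });
}`;

// Constructed sample: the same code as a minifier would emit it
// (comments and whitespace removed, local names shortened).
const minified = 'function saveUser(e){const t="EXAMPLE-KEY-not-a-real-secret-0000";return fetch("/api/users/save",{method:"POST",headers:{"X-Api-Key":t},body:JSON.stringify(e)})}';

// Walk the source and collect quoted string literals, skipping comments.
// Simplification: regex literals and ${} nesting in template literals are not handled.
function extractStringLiterals(src) {
  const out = [];
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === "/" && src[i + 1] === "/") {            // line comment
      while (i < src.length && src[i] !== "\n") i++;
    } else if (c === "/" && src[i + 1] === "*") {     // block comment
      const end = src.indexOf("*/", i + 2);
      i = end === -1 ? src.length : end + 2;
    } else if (c === '"' || c === "'" || c === "`") { // string literal
      let j = i + 1, text = "";
      while (j < src.length && src[j] !== c) {
        if (src[j] === "\\") j++;                     // keep the escaped character
        text += src[j] ?? "";
        j++;
      }
      out.push(text);
      i = j + 1;
    } else {
      i++;
    }
  }
  return out;
}

// Flag literals that look like credentials or backend endpoints (assumed heuristics).
function findSensitiveLiterals(src) {
  const patterns = [/key|secret|token|passw/i, /^\/api\//];
  return extractStringLiterals(src).filter(s => patterns.some(p => p.test(s)));
}

console.log(findSensitiveLiterals(minified));
```

Both versions yield the same literals, so anything that must stay private belongs on the server, not in the shipped file.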