1

How well can modern JavaScript obfuscation/minification tools protect my code from reverse engineering? Also, what obfuscation platforms are the best for preventing this? It seems it would be rather easy to make a program to deobfuscate code and make the process rather pointless.

If this is not something that is perfect, are there any solutions that rely on code being served remotely?

Premraj
  • 72,055
  • 26
  • 237
  • 180
Matt Bell
  • 341
  • 1
  • 10
  • 1
    Covered pretty well in http://stackoverflow.com/questions/29399/is-using-an-obfuscator-enough-to-secure-my-javascript-code and http://stackoverflow.com/questions/194397/how-can-i-obfuscate-javascript – Radu Aug 10 '11 at 03:07

1 Answers1

8

All you can do with obfuscation is make a determined hacker work more in order to borrow your code or understand how to use your code. You cannot prevent it if they are determined.

There are lots of programs out there that will de-minify code to make it readable or debuggable again. Removing all the meaningful variable names and obviously code comments does make it more work for someone to understand the code, but does not prevent a determined hacker from doing so.

Algorithms or trade secrets that must remain protected should not be in client-side javascript, but rather should be performed on a server with results put directly into the page or put into the page via ajax calls.

jfriend00
  • 683,504
  • 96
  • 985
  • 979