PDA

View Full Version : "Hiding" JS code



Bobafart
Mar 19th, 2007, 12:36 AM
is there a way to "hide" JS script links so that users cannot copy your JS code?

CFMaBiSmAd
Mar 19th, 2007, 12:51 AM
Short answer - NO.

This has been discussed many times in this (and all the other serious programming forums that I know of.)

Longer answer - because the javascript must be sent to the browser so that it can be executed by the browser, it will be visible at some point. No matter what you can think up to do to it to keep it from being viewed, must be undone for it to be executed, and it will be accessible at that point.

There are javascript debugging plug-ins for browsers that make this particularly easy.

vegu
Mar 19th, 2007, 11:00 AM
you can scramble it though, however that wont prevent anyone taking the script and copying it over to their website, especially when it is small, it just makes it harder for them to figure out what does what.

google javascript obfuscator or javascript scrambler if you want to look into this

Kor
Mar 19th, 2007, 11:07 AM
you can scramble it though, however that wont prevent anyone taking the script and copying it over to their website, especially when it is small, it just makes it harder for them to figure out what does what.

google javascript obfuscator or javascript scrambler if you want to look into this
For any "cipher" code there is a "decipher" one. Javascript was meant to be an open language, and the browser needs that, so that there is no serious way to hide/cipher a javascript code (as there is no serious way to prevent copy/paste of everything a web page displays)

SSJ
Mar 19th, 2007, 11:09 AM
No way to do this dude......

Bobafart
Mar 19th, 2007, 02:16 PM
the reason why I am doing this is because I am creating a browser based game.. I don't want peeps to cheat.

all of the security checks for the game (leveling up, buying items) are all done server side.. but even still I don't want people reading the code to give them hints on how to "hack" the server side stuff.

how do browser based games preventing cheating then?

vegu
Mar 19th, 2007, 02:48 PM
make sure you validate everything on the server side (what you seem to be doing already anyways) - it doesnt really matter if the guy looks through your client side code when everything is handled server side, but it does make it easier for him to find the leaks if there are any.

So - as long as youre doing it with javascript , no you cant hide it. You can make it harder by obfuscating it (this especially weeds out people less serious about it) but if someone is serious about hacking your game it wont really hinder them for long, so you gotta make sure everything is working on the server side, and thats a matter of time as much as it is a matter of good coding.

Kor
Mar 19th, 2007, 02:56 PM
make sure you validate everything on the server side (what you seem to be doing already anyways) - it doesnt really matter if the guy looks through your client side code when everything is handled server side, but it does make it easier for him to find the leaks if there are any.

So - as long as youre doing it with javascript , no you cant hide it. You can make it harder by obfuscating it (this especially weeds out people less serious about it) but if someone is serious about hacking your game it wont really hinder them for long, so you gotta make sure everything is working on the server side, and thats a matter of time as much as it is a matter of good coding.

Perfect advice. But only If Bobafart was interested in validation techniques, which I doubt. I might be wrong, but he might be interested in how to sell some javascript products, and, the same time, on how to protect them. My believe is firm: No way. If a javascript expert wants by all means to decipher a javascript code, he will do it by all means.

nexosis
Mar 19th, 2007, 03:16 PM
<script src="jssrc.js"></script>
that will at least help.

Kor
Mar 19th, 2007, 03:31 PM
<script src="jssrc.js"></script>
that will at least help.
What? Doctype is required, my friend, I strongly recommend you to reconsider your Sig

CFMaBiSmAd
Mar 19th, 2007, 04:08 PM
<script src="jssrc.js"></script>
that will at least help.Using an external javascript file, only takes a copy/past operation to put the file name onto the end of the URL in the address bar and anyone has got your .js file.