4

I have a whole range of jQuery code, how do I stop users from seeing the actual code, or how can I encrypt the .js file.

Please suggest opensource

Thanks Jean

[edit] I don't want users to know how I have coded or copy my code

[edit] Once I use the base62 encode, can it be reverse engineered?

Improve this question
2
  • Not quite. I learnt almost all programming not by school, but for the urge to learn. I looking for a person like you, to search, pull them up, sue the guys who steal my code or who trespass into my code, and find out the ways something is done. I am not offering an opensource application for me to give the code openly. Please, All I am asking here for a solution, to my question, not a 5 line philosophical read. Commented Jan 27, 2010 at 5:58
  • 1
    It was not my objective to give you a solution (that's why I commented, and not answered). I just wanted to give you some food for thought arising from my experience. Keep into account the impossibility of the task you want to achieve, and find the sweet spot where to put yourself and your code. Commented Jan 27, 2010 at 17:17

7 Answers 7

Reset to default
5

Check out packer by Dean Edwards. It has the ability to encode your JS. You have to let your JS be world readable, otherwise a browser couldn't download it.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Using the base62 encode is a great way to get your script blocked by anti-virus tools and make your web page look like it's infected. Because the majority of scripts that are encoded like this are browser exploits, AV tools are very sensitive to false positives with such techniques.
@bobince I tried the base62, the AV does not seem to have an issue, could you provide me of any AV that does. Thanks, it will be of great help
You can submit to a service like virustotal.com to get an overview of what AVs think of a script. It will be highly dependent on what's in the script whether it triggers an FP, and it will likely change over time.
4

You cannot prevent your users from being able to see the source code of a Javascript file : it's executed by the user's browser, which means it must be readable on the client side.

The "best" you can do it minify/obfuscate it ; see for instance the YUI Compressor, which exists to minify JS files (so they are smaller, and can be transferred faster), but also has some obfuscating functionnalities.

If will make you Javascript code harder to read/understand -- but someone really motivated will still be able to read it ; well, it will take some time and a bit of work, but it'll still be possible.

Improve this answer

Comments

2

You can use google closure compiler

http://code.google.com/closure/

The Closure Compiler compiles JavaScript into compact code, it obfuscates the code, it can still be read but it will be hard to trace and will take time

Improve this answer

Comments

1

Try to pack the code with the packer: http://dean.edwards.name/packer/

This is not like code encryption, but it obfuscate the code.

Improve this answer

1 Comment

I downloaded the php packer, could you assist me in using the same.
1

There is not really much point in encrypting your js file, everyone knows you can view the source code of anyone's website. I believe there are encryptors out there for javascript, but users will have to download the decryptor module to decrypt it. Also since the browser does need to interpret the code, it would probably not be that hard to circumvent.

You could obfuscate the code, but I would do this using a minification technique, and more for performance reasons rather that hiding the code, some obfuscators are more intrusive than others, but again, the code could be re-formatted, albiet the original variable names will not be recoverable.

Improve this answer

1 Comment

And as the encryption keys (and algorithm) to decryt the JS will be accessable by the end client any smart enough user could potentially work out how to decrypt it himself
0

You just can't encrypt JavaScript that runs on the client machine. Browsers need the unencrypted code in order to execute it!

Improve this answer

Comments

0

This is the first thing I found, but it looks like it might do the job:

http://www.vincentcheung.ca/jsencryption/instructions.html

As others have mentioned though, the browser has to be be able to decrypt the code, so the user would also be able to (although it may be some work to do so).

You should look at obfuscation too, which will make the code much harder to reverse engineer.

http://www.javascriptobfuscator.com/Default.aspx

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.