
How can I prevent javascript code theft?

Tags: javascript, php

Actually I'm developing a Chrome extension and a jQuery plugin to upload it and sell it on Codecanyon. When I "Inspect source" of the page and I click on the "Resources" tab, the javascript file looks empty. How does Codecanyon do that? I want to have file theft prevention in my own website too, but I don't know how to do it. I know php and javascript and there's no method to do it, because the browser downloads the file to execute it.

You can see the example here.

Esaú García Sánchez-Torija asked Mar 02 '13 09:03




2 Answers

If you see it's empty, it means that it's empty. There is no way to hide your javascript code from a client that must execute the code.

chtenb answered Oct 21 '22 22:10


You cannot hide it because your browser needs it to perform it. Simple as that.

You need to understand that it is a script executed on the client side. It is not compiled (meaning it's not a binary (0 and 1 machine language)). So it is freely readable.

Nevertheless, you can obfuscate it using tools like YUI Compressor.

Basically, these kinds of tools remove extra spacing, tabs and line returns, and rename methods (like method "a" standing for "MyShinyMethodWhoMakesNiceStuff") and variables. That makes the code very difficult to read and understand. Reverse engineering is thus harder to achieve.

Some use tricks like base64 or other encodings and decode part of the code with a function, but these are only tricks and will not fool the sharp eye.

By obfuscating, you make people spend much more time analyzing your code, so stealing it is much more complex and takes time. Let's say you made a nice JavaScript plugin that turns every white background purple (OK, not such a great example, but I used it just to have an illustrative example). Somebody might want to steal it and make it blue instead of purple. If the code is obfuscated, he might think it's easier to copy your idea and rewrite it on his own, with his own code and a blue background; it will take him less time than reverse engineering and understanding yours well, and it will be easier to maintain over time too. In the end he will "only" "steal" your idea but not your code.

I think that in the end, it's just a matter of time.

moxy answered Oct 21 '22 20:10
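The base64 trick mentioned in the answer above, shown as an added example that is not part of the original answers: a few lines of static string rewriting recover the packed source without ever running it, which is why encoding gives no secrecy. The helper names `pack` and `unwrap` and the purple-background sample are constructed for this illustration.

```javascript
// Added example: statically peel "eval(atob('...'))" layers off a script.
// Nothing here executes the packed code; it only rewrites strings.

// Matches eval(atob("<base64>")) with either quote style and an optional ";".
const WRAPPER = /eval\(\s*atob\(\s*(["'])([A-Za-z0-9+/=]+)\1\s*\)\s*\)\s*;?/g;

function decodeBase64(b64) {
  return Buffer.from(b64, "base64").toString("utf8");
}

// Replace every wrapper with the text it would have evaluated, repeating
// until a pass changes nothing (simple packers nest several layers).
// maxLayers bounds the loop on hostile or malformed input.
function unwrap(source, maxLayers = 10) {
  let current = source;
  let layers = 0;
  while (layers < maxLayers) {
    const next = current.replace(WRAPPER, (_m, _quote, b64) => decodeBase64(b64));
    if (next === current) break; // no wrapper left
    current = next;
    layers += 1;
  }
  return { code: current, layers };
}

// Hypothetical packer used only to build the constructed sample below.
function pack(source, times) {
  let out = source;
  for (let i = 0; i < times; i++) {
    out = `eval(atob("${Buffer.from(out, "utf8").toString("base64")}"));`;
  }
  return out;
}

// Constructed sample: the "purple background" plugin, packed twice.
const original = 'document.body.style.background = "purple";';
const packed = pack(original, 2);
const recovered = unwrap(packed);

console.log("packed:   ", packed);
console.log("layers:   ", recovered.layers);
console.log("recovered:", recovered.code);
```
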