: Protect js code from being stolen I have developed an web app with jquery,html-css markup which would be an premium web app. So I have to ensure the security of the code from being stolen.But
I have developed an web app with jquery,html-css markup which would be an premium web app. So I have to ensure the security of the code from being stolen.But as all these are client side,so there is no 100% secure way to protect them.But I want to make them harder to steal.For this I did :
I have disabled the right click button of mouse
I have minified and obfuscated the code.
I have used js code to add external js file and obfuscated the code so that none can understand the name of the external js file
I have created a index.html file in the js folder so that none can get access the js folder
Do you think all these are enough to make stealing harder? Or any suggestion/advice for me?
More posts by @Smith883
4 Comments
Sorted by latest first Latest Oldest Best
I have solved my problem by injecting php in it.I have wrote an article on it - Ensure Security of JavaScript Code from being stolen.I have solved it by jQuery ajax, json and php. Here are some code snippet:
/*
code.js
*/
var temp;
function calculate(){
var a = $('#a').val();
var b = $('#b').val();
/*
var c = 10;
temp = (a + b)/c;
$("#target").html(temp);
*/
//Do above calculation on the server side
var dataString = 'a=' + a + '&b=' + b + '&c=' + c;
$.ajax(function(){
type : "POST",
url : "calculate.php",
data : dataString,
cache: false,
dataType: 'json',
success: function(data){
temp = data.temp;
$("#target").html(temp);
}
});
}
And php script :
if($_POST){
$a = $_POST['a'];
$b = $_POST['b'];
$c = $_POST['c'];
$temp = ($a + $b)/$c;
$data = array('temp' => $temp);
header('Content-type: application/json');
echo json_encode($data);
}
It's impossible to prevent your Javascript from being "stolen" because the code is served to the browser. To answer your specific points:
1. I have disabled the right click button of mouse
This will have absolutely no effect. No one will ever try to steal code using right click (heck, right click doesn't give access to anything in a browser anyway). So it won't prevent "casual thieves", let alone people who actually know what they're doing.
2. I have minified and obfuscated the code.
This is a decent step as it makes it much harder to understand exactly what the code it doing. However, there are are plenty of code "deminifiers" out there that will reformat the code nicely - albeit with unintelligible variable names.
3. I have used js code to add external js file and obfuscated the code so that none can understand the name of the external js file
If you load an external file at any time it is captured by browsers' developer tools (check the Network tab in Google Chrome). So this won't add any extra protection.
4. I have created a index.html file in the js folder so that none can get access the js folder
Again, this is worthless as anyone can see what JS file is loaded. Furthermore, "index.html" is a terrible way to prevent folder listing, it should be accomplished server-side (e.g. .htaccess file).
The real answer: you can't prevent Javascript theft at all. Minify and obfuscate to prevent any easy understanding of your code, but that's all you can do in terms of JS.
You may be able to move some of the logic to the server-side (and use AJAX in your app), which would of course prevent any users from using the JS without modification - they would need to replicate your server-side logic themselves.
And finally, don't forget that the Javascript code you write is already your property and copyrighted by you. If someone steals it they are breaking the law and you can seek legal action against them.
I have disabled the right click button of mouse
Don't do this.
There are valid uses for right-click that you are blocking in addition to (not) protecting your code. All you'll do is annoy everybody while doing absolutely nothing to stop the people who know enough to try and steal your code in the first place.
Use PHP to make the JavaScript only load if the user is authenticated (by premium subscription?)
I have created a index.html file in the js folder so that none can get access the js folder
What if they guess the file name? You should be using a .htaccess for this to do a Options -Indexes to disable directory viewing; it's foolproof.
But most web applications I know of/write use some sort of hypertext processor like PHP or ASP. The source to the actual functionality is entirely closed if it runs on a secure server. Who cares if someone steals the CSS/JavaScript if when they copy the "source" they get a non-functional copy? You could also get it copyrighted or patented if it's unique and innovative.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.