

Javascript obfuscation - ubudesign

I know that you really can't do this and I never had the need for it until now. This is a very important piece of code and even if I patent it I'm sure someone would copy it. So the other option is to make it difficult for people trying it. Normally I don't care if someone copies my js. Usually I have lots of back-end code mixed in with the script that even if someone copies, it wouldn't function. So this is the first time I need this.

Anyone here can recommend methods for hiding javascript? I know there are tools out there that do it and I'm researching that but what else can you do?

I was thinking of breaking the code into smaller sections and serving the code as a stream through a servlet on a per-request basis and changing things depending on conditions etc...

What else would you suggest?
======
nostrademons
It's very hard to reliably obfuscate JavaScript because the language is
dynamic enough that you might refer to object fields or function names through
dynamically-computed strings. Any attempt to obfuscate these runs up against
the halting problem. So you have to rely on conservative approximations...

Packer (<http://dean.edwards.name/packer/>) will rename all local variables to
single characters, along with removing all whitespace and optionally base-62
encoding the text. It also has a compression scheme, but it's trivial to
defeat this by replacing eval() with document.write(). I think that's the best
you can do with any JavaScript-only compressor.

I should probably mention that even JSMin'd text is a real pain to go through.
Someone that's dedicated enough could do it (just like how people were
reverse-engineering the Google Maps frontend), but nobody wants to read
through a lot of code with no indentation.

Also, you're much better off with one large JSMin'd file than a bunch of
streamed sections. Aside from being simpler, it's more to look through.
Otherwise, people can sniff the stream through Fiddler or Analyzer and take a
look at _when_ segments are loaded, which often gives them more information
than they'd have otherwise. And re-indenting 500k is a lot more of a pain than
re-indenting a 500-byte segment.
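
The eval-replacement point above, as an added example that is not part of the original comment or of Packer itself: `toyPack` is a hypothetical, much-simplified stand-in for an eval-wrapped packer, and `unpack` recovers the source by shadowing `eval` with a capture function (used here in place of `document.write()` so it also runs under Node).

```javascript
// Constructed sample source that the author would like to hide.
const SOURCE = 'function total(items){var sum=0;for(var i=0;i<items.length;i++)' +
               '{sum+=items[i].price;}return sum;}';

const WORD = /\b[A-Za-z_]\w*\b/g;

// Hypothetical toy packer (NOT Packer's real encoder): replaces every word with
// $<base-36 index>$ and emits a script that rebuilds the text and eval()s it.
function toyPack(src) {
  const words = [...new Set(src.match(WORD))];
  const payload = src.replace(WORD, w => '$' + words.indexOf(w).toString(36) + '$');
  const decoder = 'function(p,k){return p.replace(/\\$([0-9a-z]+)\\$/g,' +
                  'function(_,i){return k[parseInt(i,36)]})}';
  return 'eval(' + decoder + '(' + JSON.stringify(payload) + ',' +
         JSON.stringify(words.join('|')) + '.split("|")))';
}

// Analyst side: run the packed script with `eval` shadowed by a capture
// function, so the decoded source comes back as text instead of executing.
// The decoder itself still runs, so do this only in an isolated environment.
function unpack(packed) {
  let captured = null;
  const run = new Function('eval', packed); // parameter named eval hides the real one
  run(text => { captured = text; });
  return captured;
}

const packed = toyPack(SOURCE);
const recovered = unpack(packed);
console.log(packed);
console.log(recovered === SOURCE ? 'recovered original source' : 'mismatch');
```

The packed text no longer reads as code, yet one substitution at the `eval` call returns it byte for byte, which is why this kind of encoding only costs a reader a few minutes.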

------
utnick
If it is worth stealing, somebody will steal it. It's just the nature of client
side scripts

If it is really that amazing just write about it on your blog and get famous

~~~
axod
I disagree. If you're a clever programmer and can 'unobfuscate', you're likely
to be clever enough to write it yourself anyway.

Obfuscation is there to prevent non-clever programmers from stealing parts/the
whole source code, and it works.

------
Hexstream
If I were you I'd focus more on creating other nice stuff than trying to
protect something inherently impossible to protect (client-side javascript).

Look at it this way: you can try hard to protect it even though you're likely
to fail (as has been said, if it's worth stealing then it will be stolen), or
you can avoid wasting your time to protect it and do something else valuable.

Would you rather have 1 great thing and have a possibility of preventing the
1st one from falling in wrong hands or have 2 great things? You can't always
have everything. If your thing gets copied, you'll still have it. Also, I
wouldn't worry much about a competitor that has to rely on copying you to keep
up with you...

As a radical solution, you could publish the code and blog a lot about it, at
least this way nobody can claim they wrote the code themselves...

PS: Sorry for all the "thing"s...

~~~
ubudesign
Good advice. I will do that anyway. I'm sure people that copy don't really know
what they are doing anyway

------
simplegeek
Measure the _time-to-market_ ness of the feature. Instead of obfuscating
JavaScript try spending your time to make the whole thing look as great as you
can. Developing something like _Basecamp_ is easy but I doubt something as
simple as Basecamp will be a success again--unless you improve it by an order
of magnitude.

------
xirium
Don't bother obfuscating. A good programmer could make equivalent
functionality without seeing a line of code. As an example, if you're familiar
with a spreadsheet application then you can code the core functionality
without reference to the original source. Is your script more complicated than
a spreadsheet?

~~~
ubudesign
Actually one part of it is a datasheet and another a form designer like in an
IDE. I'm sure a good programmer would be able to re-create them, but they
would probably resort to some Ajax kit. I tried that and for lots of reasons
it wouldn't work or would be so heavy that it would become useless. So instead I
spent over 3 months (which is a lot for JS) and wrote everything from
scratch. I guess my only hope is that the entire application becomes so good
(which is mostly backend stuff) that even if someone has the JS they couldn't
create the rest.

~~~
tjic
I know that everyone ("everyone") hates software patents.

Personally, I don't see what the difference is between patenting something
made out of atoms that accomplishes a task in a new way, and patenting
something made out of bits or memes that accomplishes a task in a new way.

If (a) you've come up with something new; (b) you're not morally opposed to
software patents; (c) you have ~ $5k ; (d) you'll be able to detect infringers
; (e) the infringers will have deep pockets, then a software patent might be
the right tool for the job. You can slap "patent pending" on long before the
patent is issued, and collect licensing fees from legitimate companies that
want to use your technology.

...all of which gets us back to the core point:

What is it that you hope to accomplish by obfuscating / patenting / whatever ?

A moral victory?

A competitive advantage for a few months?

Other?

Your answer to this question will dictate how you proceed.

~~~
ubudesign
The problem with patents is that large companies go out and copy whatever they
want and then turn around and patent it. I wouldn't mind if some small potato
took my code. Of course I wouldn't like it, but... it would be really painful
if a larger company did it. And they do. There is not much innovation with
large companies. The good ones buy smaller companies but some just take what
they want, from open source or wherever they get their hands on.

So yes, I would be for patents if it wasn't such a bad system where if you have
money you could patent even things that don't belong to you.

~~~
daltonlp
That makes sense. I think you're better off using copyrights than patents. No
application process, and typically friendlier court procedures.

With a patent, you need to prove in court that your _idea_ was novel.

With copyrights, you just need to prove that you wrote your code first.

------
nreece
The Javascript Compressor ( <http://javascriptcompressor.com/> ) can compress
and obfuscate Javascript code.

~~~
ubudesign
Thanks I'll look into that.

------
axod
YUI Compressor works pretty well.

