tags:

views:

625

answers:

7
Q: 

Encrypt jQuery javascript file

Hello,

I have a whole range of jQuery code, how do I stop users from seeing the actual code, or how can I encrypt the .js file.

Please suggest opensource

Thanks Jean

[edit] I don't want users to know how I have coded or copy my code

[edit] Once I use the base62 encode, can it be reverse engineered?

+1  A: 

You cannot prevent your users from being able to see the source code of a Javascript file : it's executed by the user's browser, which means it must be readable on the client side.

The "best" you can do it minify/obfuscate it ; see for instance the YUI Compressor, which exists to minify JS files (so they are smaller, and can be transferred faster), but also has some obfuscating functionnalities.

If will make you Javascript code harder to read/understand -- but someone really motivated will still be able to read it ; well, it will take some time and a bit of work, but it'll still be possible.

Pascal MARTIN  2010-01-26 11:36:45
+1  A: 

You just can't encrypt JavaScript that runs on the client machine. Browsers need the unencrypted code in order to execute it!

AndiDog  2010-01-26 11:37:12
+1  A: 

Try to pack the code with the packer: http://dean.edwards.name/packer/

This is not like code encryption, but it obfuscate the code.

mck89  2010-01-26 11:37:35
I downloaded the php packer, could you assist me in using the same.
Jean  2010-01-26 12:01:53
+3  A: 

Check out packer by Dean Edwards. It has the ability to encode your JS. You have to let your JS be world readable, otherwise a browser couldn't download it.

Jarrett Meyer  2010-01-26 11:37:52
the base62 encode, would be just fine i guess
Jean  2010-01-26 11:52:00
done, thanks, it seems to be working fine
Jean  2010-01-26 12:04:49
Using the base62 encode is a great way to get your script blocked by anti-virus tools and make your web page look like it's infected. Because the majority of scripts that are encoded like this are browser exploits, AV tools are very sensitive to false positives with such techniques.
bobince  2010-01-26 12:39:36
@bobince I tried the base62, the AV does not seem to have an issue, could you provide me of any AV that does. Thanks, it will be of great help
Jean  2010-01-27 05:59:14
You can submit to a service like virustotal.com to get an overview of what AVs think of a script. It will be highly dependent on what's in the script whether it triggers an FP, and it will likely change over time.
bobince  2010-01-27 19:10:58
+1  A: 

You can use google closure compiler

http://code.google.com/closure/

The Closure Compiler compiles JavaScript into compact code, it obfuscates the code, it can still be read but it will be hard to trace and will take time

Gerard Banasig  2010-01-26 11:39:39
+1  A: 

There is not really much point in encrypting your js file, everyone knows you can view the source code of anyone's website. I believe there are encryptors out there for javascript, but users will have to download the decryptor module to decrypt it. Also since the browser does need to interpret the code, it would probably not be that hard to circumvent.

You could obfuscate the code, but I would do this using a minification technique, and more for performance reasons rather that hiding the code, some obfuscators are more intrusive than others, but again, the code could be re-formatted, albiet the original variable names will not be recoverable.

Will Earp  2010-01-26 11:40:54
And as the encryption keys (and algorithm) to decryt the JS will be accessable by the end client any smart enough user could potentially work out how to decrypt it himself
saret  2010-01-26 11:45:14
A: 

This is the first thing I found, but it looks like it might do the job:

http://www.vincentcheung.ca/jsencryption/instructions.html

As others have mentioned though, the browser has to be be able to decrypt the code, so the user would also be able to (although it may be some work to do so).

You should look at obfuscation too, which will make the code much harder to reverse engineer.

http://www.javascriptobfuscator.com/Default.aspx

Mike Houston  2010-01-26 11:41:09

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases