Is there some way to make Firebug not work at all on a website?
+6
A:
You could click on the Off button to disable it.
Or are you trying to prevent your users from running it? If so, good luck...
Justin Ethier
2010-05-20 20:46:48
+4
A:
Anything you send to the client, all your javascript, is open to whoever you send it to. Don't have anything there that you don't want people to see. There is no way to prevent someone else's browser from using Firebug, or a lot of other tools, to analyze your code. You could try to make your html, css, and javascript really bad, and that might slow them down! There are obfuscation programs to make it difficult to read. If you want to hide functionality, you'll need to have it happen on the server.
Patrick Karcher
2010-05-20 20:48:26
I love it and will upvote when I get more votes.
Josh
2010-05-20 21:31:39
+14
A:
If the performance of your website suffers when Firebug is enabled, you may want to display a warning, asking users to switch it off. You can easily detect if Firebug is enabled through JavaScript.
Daniel Vassallo
2010-05-20 20:48:33
+1, this is probably all your site can do. In addition you could try to log which users have it enabled, if it will cause your page to run slow, etc. At least then if they complain you can say, "well, if you had turned off firebug like we asked you to..."
Justin Ethier
2010-05-20 20:55:43
+8
A:
No. Nobody wants your javascript routines anyway. :-)
And if you're worried about unsecure code, you should rewrite your site to be secure instead of trying to hide its problems.
uosɐſ
2010-05-20 20:49:01
"My javascript routines" belong to the company I work for and my company wants the stuff we develop secured. No offence to you but your reply is both pretty useless and pretty arrogant.
William Calleja
2010-05-20 21:29:56
@William: tell your company that if they want something "secured", they should not put it on a public webpage.
Michael Borgwardt
2010-05-20 22:12:25
I was sincere in my offer of a useful perspective on a misinformed pursuit of "your company", erm, clueless app-dev managers. But no offense taken.
uosɐſ
2010-05-20 23:04:56
+4
A:
You could develop your site in Flash, Silverlight, or Java. Firebug will then be limited to displaying your base HTML.
I'm assuming you're worried about reverse engineering with FireBug.
Marcus Adams
2010-05-20 20:54:09
Unfortunately I can't do that, I need everything to be fully HTML. The sites I develop don't belong to me, but to the company I work for, thanks anyway.
William Calleja
2010-05-20 21:30:41
+11
A:
WARNING: EXTREME EVIL. NEVER EVER USE THIS CODE. Also, it won't deter someone who is resourceful.
setTimeout(checkForFirebug, 100);
function checkForFirebug()
{
if (window.console && window.console.firebug) {
while(true); //Firebug is enabled
}
setTimeout(checkForFirebug, 100);
}
EDIT: I figured I would provide an answer to the real question behind the question. The fact is, Javascript is an interpreted language and that interpreter is in the browser. This makes it literally impossible to provide Javascript that is both secure and runnable. The same goes for HTML and CSS. The best you can do is minify the Javascript to make it a little less easy to reuse. If the company in question really wants "secure" Javascript, you just have to tell them it's not truly possible.
Eric Mickelsen
2010-05-20 21:01:27
The easy workaround for this is to disable javascript before you load the page. This doesn't actually secure your code, but it may piss off your users. So like most evil things, it's also very stupid.
Eric Mickelsen
2010-05-20 21:10:18
Another workaround for this is to put `javascript:checkForFirebug=function(){}` in the URL bar before opening Firebug
Josh
2010-05-20 21:31:00
+1
A:
Ultimately, no, as the browser (in this case firefox) on their machine can choose to run whatever javascript (such as firebug) it wants to. You cannot prevent users from running it along with your website.
Zombies
2010-05-20 21:10:01
+3
A:
No, of course not. If Firebug is revealing something that you must prevent your users from seeing, then you are approaching this problem completely wrong. I am not trying to be rude or degrading, but attempting to block one particular program in an effort to fix a bug in your web application is about as logical as a bucket of steam. Firebug does nothing magical; I can do anything it does by writing some code. Having said that, there must be an underlying issue that you should be more concerned about.
Josh Stodola
2010-05-20 21:19:40
I never mentioned anything about bugs, my question is simple and straightforward. The underlying issue is that my company requested that any javascript code we develop is secured.
William Calleja
2010-05-20 21:31:46
@William No offense, but then your company needs to get a better grip on what "secure" means in this context.
deceze
2010-05-20 22:14:58
@William I don't know what your definition of straight-forward is, but your question literally screams **THERE'S MORE TO THE STORY**. Now I have a question. What does Firebug have to do with the "security" of your Javascript?
Josh Stodola
2010-05-21 00:47:25
+1
A:
if you want to protect your code, you could try encrypting your javascript source code
Mauro
2010-05-20 22:08:17
Note that encryption can be defeated by someone pretending to be a browser (possibly using rhino).
Kathy Van Stone
2010-05-20 22:34:48
correct, it will only make it a bit more difficult to get to, but ultimately if a pc can display it/read it/use it someone will be able to copy it.
Mauro
2010-05-21 07:22:57
+6
A:
If you want to hide your HTML/CSS/JavaScript from visitors, that is not possible. Even if one cannot use Firebug, one can simply view the HTML source code. Any external JavaScripts and stylesheets can be downloaded as the plain text files they are. Because HTML, CSS, and JavaScript are client-side technologies, that are downloaded as plain text and interpreted by the web browser, it is theoretically impossible to hide your code. The best thing you can do to make the code harder to understand, is to obfuscate it. See Wikipedia.
Andreas Rejbrand
2010-05-20 22:25:14
+5
A:
"My javascript routines" belong to the company I work for and my company wants the stuff we develop secured.
You do not secure stuff by lightly patting "hackers" on the fingers when they use one specific debugging tool. Try to prevent them from using the ultimate hacker tool: "View Source".
If it's out there it's out there. "Secure" means something different in this context. It means securing whatever important data you have by employing techniques that are impenetrable* even with full knowledge of the source code. The source code itself is not securable, and neither does it need to be.
*) "impenetrable" = difficult enough to subvert in a reasonable amount of time, nothing is 100% :)
deceze
2010-05-20 22:27:16
+9
A:
Ummm.... What does using Firefox (with or without Firebug) have to do with this?
I use IE and I can just as easily view your JavaScript. Likewise with Google Chrome. Hell, I can download your JavaScript when viewing your webpage on my Palm Treo.
Anything which can be accessed directly from a browser can be downloaded and analyzed at leisure. As others have said (better than I), JavaScript which runs on your website should be considered to be "open source". Find another way to do it (i.e. processing on your server) or accept that someone will hack in and look at it.
Mind you, are your routines so obviously good (in terms of what they do to your webpages) that a user will go to your website and immediately say "Hey, this is cool, I wonder how they do it?" If not, don't worry about it - most people won't be interested enough to try to look at your JavaScript.
You could try minifying your JavaScript, but that's not 100% going to stop someone who's determined. You could try encrypting it, but I've never tried. Or put a copyright notice in your JavaScript files, so at least someone else won't be able to subsequently pass off your work as yours without getting into legal trouble.
roryhewitt
2010-05-20 23:54:12