I agree with all you say, but what annoys me, are the requests for new features in FB to enable reverse engineering. Obfuscating my javascript code will make it more difficult for people to steal it. If you look at the source-code of this page and than click on the link to the javascript library, have a look at the "unintelligible" string of code, you will probably say: it is too much effort to find out how it works. If then Firebug has capabilities to nullify this, FB goes one step too far. But a security-hole in a previous version does not mean that it should not be plugged. If the code is complex enough to need protection, an outsider will have difficulties to understand it. He may look at the code, understand how certain functions work, but not the full interaction and dependencies of all the functions, especially if they are spread over a number of modules. I have no objection to someone looking at my code to learn from it, but if I would find someone selling my code as his own, I would crack down on him.
There is always a logistical problem, especially if you have relatively little space on the server and a lot of data: Do I have a private site for testing with fully legible and annotated code and obfuscated one on the public site, or do I have just one site and risk someone stealing my code. As you say, if someone knows his way how to get to the code, he will get it, but that is no argument against building some easily implementable measure into Firebug, that would try to ensure that only authorised persons can use FB on that site. Perhaps even looking at the source-code may not be quite legal. Some clever lawyer could make a case for having this banned. With this in the pocket, one could force the other browser developers to implement such things too. On Jul 6, 7:56 pm, Trevan Richins <trich...@omniture.com> wrote: > > The security of proprietary code IS a legally binding obligation for > > such programs. Without that FB could even be classified as spyware and > > its authors could be prosecuted. > > This is what MUST be avoided. I love Firebug (although I have not used > > it for the last few month) and I would not like its developers get > > into trouble because some thiefs or saboteours. > > Because knowing how the hidden javascript operates, you could > > circumwent the safety measures programmed there. . > > And one more thing. You should NEVER use javascript as the only security > measure. I hope you know that already, though, since you've been in this > profession since 1962. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Firebug" group. To post to this group, send email to firebug@googlegroups.com To unsubscribe from this group, send email to firebug+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/firebug?hl=en -~----------~----~----~----~------~----~------~--~---
