Bob Hassinger wrote: > This famous quote comes to mind: > > "God grant me the serenity > to accept the things I cannot change; > courage to change the things I can; > and wisdom to know the difference." > > Rako, you are chasing a hopeless result. Even if you manage to get > Firebug to be less helpful, there will be another tool, and another, > and another. Firebug is only one of many tools even now. You can not > possibly plug up the holes as fast as they are developed. > > Security through obscurity can only give an allusion of protection > that diverts ones efforts that should go into measures that can really > ensure protection. > > Every end user has full and unlimited access to whatever you send to > their computer (including everything in referenced files like external > Javascript and CSS files), for as long as they want it. If a browser > can understand the code then a human can. Fundamentally there is > little difference between intentionally obfuscated code and just plain > old poorly written code. An interested person goes through the same > process to sort it out. In essence once you send it to them you have > given up any possible trade secret protection and your only real > option is copyright (or maybe patent). And still, enforcement of > those protections is only really feasible in major situations with a > lot of money involved. > > By its nature Javascript is just not the tool for you when you need to > hide your logic or coding, or provide security for your site/data. > You have to do it so that users never have access to it in any form - > say in host side processing for example. > > Consider the balance for this one: On one side we are looking at > widely beneficial capabilities many people will find very helpful. On > the other side you want those benefits denied to them so you can have > the illusion of restricting access to what can not really be > protected. I think the choice there is easy - one person's illusion > of gain, against the whole user communities's real gain. I suspect > that is a pretty easy call. > > > > > On Jul 9, 2009, at 4:10 PM, Luke Maurer wrote: > > >> You must be using a pretty wimpy obfuscator if a mere code formatter >> will undo it. If your IP is the big issue here, won't you be using >> something that does more than get rid of whitespace? Like renaming >> local and private variables to nonsense? That's not something that >> Firebug *could* undo, with or without DRM-style permission bits. >> >> - Luke >> >> On Jul 9, 11:56 am, Rako <mscam...@rakovszky.eu> wrote: >> >>> I agree with you, that there is no need for Firebug to "obfuscate" JS >>> code. >>> What I object, is the request to implement features that would >>> counteract the obfuscation created by the owner of the site. >>> What I suggested, is a method, through which owners of web-sites >>> could >>> allow/forbid the use of FB by strangers to "debug" their code. >>> I think FB should not try to display obfuscated code more legibly. >>> This would tantamount to try to decifer encripted data. >>> I have no objection to stand-alone programs to make obfuscated code >>> more legible, but as a feature of Firebug it would be criminal. >>> Would you like to have programs around that spy-out your passwords, >>> decript your private emails? I would not. >>> Please do not turn Firebug into Spyware. >>> >>> On Jul 8, 6:47 pm, Rob Campbell <robmcampb...@gmail.com> wrote: >>> >>> >>>> Rako, further obfuscation of JS code will never be a feature of >>>> Firebug. Most minimized JS is already quite obfuscated and, if >>>> anything, we'll produce a mechanism to display it more legibly, >>>> either >>>> by extension or with a feature. >>>> >>>> As for the Off vs [X] button, I really feel this was a bit of a >>>> wasted >>>> effort and a discussion that blew the issue out of proportion. Now >>>> we've implemented this change to appease a noisy few. Most users >>>> will >>>> learn that the [X] button means "Close / Off" after they've used it. >>>> It behaves similarly to how you'd expect a close button to work in >>>> any >>>> other area of Firefox or the OS. I, for one, will be glad to see the >>>> "Off" label go away as soon as possible. >>>> >>>> On Jul 7, 3:33 pm, Rako <mscam...@rakovszky.eu> wrote: >>>> >>>>> I do not rant. >>>>> I simply explain why is this extension/modification to/of the >>>>> activation needed. >>>>> Perhaps my reasoning offends you (are you one of the reverse- >>>>> engineers?), but it is not going to change my reasoning. >>>>> >>>>> On Jul 7, 12:34 pm, alfonsoml <aml...@gmail.com> wrote: >>>>> >>>>>> On Jul 7, 8:32 am, Rako <mscam...@rakovszky.eu> wrote: >>>>>> >>>>>>> I agree with all you say, but what annoys me, are the requests >>>>>>> for new >>>>>>> features in FB to enable reverse engineering. >>>>>>> >>>>>> Then place your rants in those threads. >>>>>> This is already too heated, please, don't mix unrelated things. >>>>>> > > > > > ummm i thought FB was suppose to do the opposite of obfuscation, like make code easier and faster to understand and debug. btw thats a great quote, every dev should know that by heart. M$ uses that secuirty paradignm and look where that got em, the most widely used, abused, and hacked piece of software known to man. Restricting access is the only way to keep things secure. Nothing is private that is on the web/internets. The simple fact of it being on the internet implicity makes it public. Obfuscating code only protects you from crackers who dont know what they are doing, and the chances of thsoe peopel crippling your system are pretty nile. generally all IP or protected logic gets coded as RPC services and your web app / site access these using some type of RESTful interface via AJAX/COMET. Then your code is actually protected by something, a firewall most likely.
kara --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Firebug" group. To post to this group, send email to firebug@googlegroups.com To unsubscribe from this group, send email to firebug+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/firebug?hl=en -~----------~----~----~----~------~----~------~--~---
