Hi Vishal

I see the argument, and there’s a commercial project I came across just last
week (ironically) at [1] that does exactly that.

IMHO the hard part about implementing one is that most people's obfuscation
needs are probably met by typical minification, and as Tobias says there is
risk of the process having a negative effect on your app.  Minified code is
hard to debug at the best of times, obfuscated code would be worse, and
implementing a static parser that understands the subtleties of a language is
no small task in the first place.

I don’t want to put you off though, I’d be very interested to see what you
find, either as existing open source projects or if you take it on yourself.

[1] https://jscrambler.com/

John

From:  Vishal <vsapr...@gmail.com>
Reply-To:  qooxdoo Development <qooxdoo-devel@lists.sourceforge.net>
Date:  Monday, 31 March 2014 10:46
To:  qooxdoo Development <qooxdoo-devel@lists.sourceforge.net>
Subject:  Re: [qooxdoo-devel] How to hide my Application.js code in
distributed app...how to distribute binary versions

Hi John,

That is true, I agree with what you have said.

Given enough time and money (read as "dedication") ...almost everything is
possible...for the dedicated.
Nonetheless, following the same line of thought as above, we should, as
designers of industrial strength commercial apps, make all possible efforts
to extend the time and money required for reverse engineering,
asymptotically to infinity.

I was thinking of a contrib that can do this for QooxDoo specifically and
JavaScript in general.

As far as the case of browser seeing the javascript and so the user seeing
it in turn is concerned....in this case, it's running in a headless browser
hosted inside a GUI window, so inspection tool options, such as "View Page
Source", "View Page Info" or "Inspect Element", are NOT available. Will it
still be possible for my user to see what is going on behind the user
Interface...Am I looking at it too simplistically.... ??

Thanks and best regards,
Vishal Sapre

On Mon, Mar 31, 2014 at 4:08 PM, John Spackman <john-li...@zenesis.com>
wrote:
> But at some point that BSON has to be decoded into Javascript in order for the
> browser to run it, and if the browser can read it then so can a malicious
> individual.  OK it’s obfuscated, but there will be tools to help de-obfuscate
> it.  The bottom line is that you cannot prevent people from seeing what your
> app does, given enough time and dedication.
> 
> John
> 
> From:  Vishal <vsapr...@gmail.com>
> Reply-To:  qooxdoo Development <qooxdoo-devel@lists.sourceforge.net>
> Date:  Monday, 31 March 2014 08:34
> To:  qooxdoo Development <qooxdoo-devel@lists.sourceforge.net>
> Subject:  Re: [qooxdoo-devel] How to hide my Application.js code in
> distributed app...how to distribute binary versions
> 
> 
> Hi Tobi,
> 
> I agree with you 'mostly'.
>  
> I guess one way to make it more opaque is to code numbers instead of strings,
> when it comes to sensitive data about hardware that is being managed by this
> front end app...I will try that out.
> 
> For the sake of curiosity, however, it should be possible to pack all the
> minified application code into a BSON object which gets pushed into a regular
> javascript attribute of the top level script, and then at run time decode the
> BSON into regular JavaScript and get the app going ?
> 
> Better still, all users to push their own binary schema to create the binary
> representation.
> 
> Any soul up for the challenge? :)
> 
> Take care,
> Vishal Sapre
> 
> On Mon, Mar 31, 2014 at 1:12 PM, Tobias Oetiker <t...@oetiker.ch> wrote:
>> Hi Vishal,
>> 
>> Saturday Vishal wrote:
>> 
>>> > Hello,
>>> >
>>> > My app involves distributing the qooxdoo client to the user, and I would
>>> > like to hide my code.
>>> >
>>> > How to do this?
>>> >
>>> > I see that in build version, a single <folder_name>.js will be created and
>>> > it will be minified as well.
>>> > However, is there a way to convert all of this into a binary file.
>>> > Something like BSON <http://bsonspec.org/>.
>> 
>> I seriously doubt that anyone would go to the extent of reverse
>> engineering your javascript frontend code ... I think all attempts
>> at obfuscation will simply introduce more problems for you and your
>> legitimate customers as things will fail in odd cases introduced
>> by the modifications.
>> 
>> cheers
>> tobi
>> 
>> --
>> Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
>> www.oetiker.ch  t...@oetiker.ch +41 62 775 9902
>> 
>> 
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> qooxdoo-devel mailing list
>> qooxdoo-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel

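The point made in the quoted 31 March reply (a packed bundle has to be decoded into JavaScript before the browser can run it), as an added example that is not part of any message in this thread: a build step packs the source, and a pre-release review recovers it from the shipped file alone and lists the literals a recipient could read. The XOR plus base64 packing stands in for the proposed BSON wrapper, and every name and the sample source are hypothetical.

```javascript
// Added example, not from the thread. The XOR + base64 packing is a
// constructed stand-in for the proposed BSON wrapper; all names are hypothetical.
const KEY = 0x5a; // packing key: it has to ship, because the loader needs it

// Constructed sample application source (ASCII only).
const APP_SOURCE =
  'var cfg={register:"0x4A",device:"pump-controller"};start(cfg);';

// Build step: turn the minified source into an opaque-looking blob.
function pack(source) {
  const bytes = Uint8Array.from(Buffer.from(source, "utf8"), (b) => b ^ KEY);
  return Buffer.from(bytes).toString("base64");
}

// What gets distributed: the blob plus the decoder the runtime needs.
function buildLoader(source) {
  return (
    `var BLOB="${pack(source)}",KEY=${KEY};` +
    "var src=atob(BLOB).split('').map(function(c){" +
    "return String.fromCharCode(c.charCodeAt(0)^KEY)}).join('');" +
    "(new Function(src))();"
  );
}

// Review step: read the shipped file as text and apply the decode it
// carries. The application is never executed.
function recoverSource(loaderText) {
  const blob = /BLOB="([^"]+)"/.exec(loaderText)[1];
  const key = Number(/KEY=(\d+)/.exec(loaderText)[1]);
  const bytes = Uint8Array.from(Buffer.from(blob, "base64"), (b) => b ^ key);
  return Buffer.from(bytes).toString("utf8");
}

// Pre-release check: string literals any recipient of the bundle can read.
function exposedLiterals(source) {
  return (source.match(/"[^"]*"|'[^']*'/g) || []).map((s) => s.slice(1, -1));
}

const shipped = buildLoader(APP_SOURCE);
const recovered = recoverSource(shipped);
console.log("literal visible in shipped file:", shipped.includes("pump-controller"));
console.log("recovered equals original:", recovered === APP_SOURCE);
console.log("exposed literals:", exposedLiterals(recovered));
```

Anything `exposedLiterals` reports is readable by every recipient of the bundle, so values that must stay confidential belong on the server side rather than in the distributed client.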