how do i hide or encrypt a java script?

[mkx]

I have a javascript and want to hide or encrypt the source of it. Whats the easist way to do this?

[leenks]

You don't.

[u-Bob]

javascript -> clientside.

you can only obfuscate it...

[emthree]

cheater!!!!!!!!!!1
You encrypt js w/ js..

[mkx]

im not cheating, i am hiding the script i paid $50 for from other's trying to steal it it

[Thurbs]

rewrite it into php and use config.inc to hide it =p

[gornyhuy]

you could also source it (script src=____) and then put htaccess restrictions on the src file so that the referrer has to come from your server.. That way they won't be able to read it inline and they wont be able to download the src file.

[Coyote]

Once upon a time, a long time ago, I ran accross a script that I wanted to view. When trying to 'copy' the script to a temporary location in order to view it, I instead got an error that I was not authorized. Even though the script appeared in the temporary internet directory I was unable to access it. I believe the server admin had apparently setup the htaccess to only allow the script from the host url.

At least on a winders box, you first have to copy the file from the temp inet dir to a location where you can view the content. That 'copy' attempt appears to retrieve the original file from the server, hence the htaccess solution. I don't know if this is correct because I never pursued it, nor tested it. But you rekindled my interest. I'd appreciate you lettin' me know if get it to work.

[mkx]

Quote:

Originally Posted by gornyhuy

you could also source it (script src=____) and then put htaccess restrictions on the src file so that the referrer has to come from your server.. That way they won't be able to read it inline and they wont be able to download the src file.

what htaccess commands should I put on it? i know what you mean about the server thing, can you post the code so I can add it to the .htaccess file?

[mkx]

bump 8

[woj]

you can't, anyone that's been on the internet for more than 2 days will be able to decrypt no matter what you do in 5 mins...

[mkx]

how about the htaccess command

[Theo]

Quote:

Originally Posted by woj

you can't, anyone that's been on the internet for more than 2 days will be able to decrypt no matter what you do in 5 mins...

wanna take a bet? lol

[sleazybunny]

whats the internet again ????

[gambino]

The definite answer is: there is no 100% safe method for encrypting or hiding your javascript or html code.
Why? These are scripting and markup languages which means that for any browser to understand, display and/or run them it MUST have the source, and if there is a way for the browser to get it, there sure is a way for a (experienced) user to get it!

However, this doesn't mean that you can't make code-stealing (much) more difficult:
1) You can use javascript to disable the right mouse button (easily disabled in some browsers)
2) You can use the .htaccess file to limit the referer (again, some browsers can fake the referer variable, or a simple php script will do the trick of fooling the server that the allowed referer was used)
3) You can encrypt your script using a javascript function, add the encrypted script along with a decryption function to your html, but have that function written 'escaped' and than just "eval(unescape(name_of_your_decrypting_function)); " -- If you want to see how this works look at the source of http://www.protware.com/e_demo.htm (Personally, I find this solution to take most time to 'break' especially is customized encryption script is used, but again a not so complex js will "decrypt" this in a snap)
...) can't think of any more right now

Using 1+2+3+... obviously is the best solution if you're willing to spend that much time on hiding the code. Besides, if you bought that code, there is probably hundreds of other sites where someone can find that code -- this is actually something the maker/owner of the code should worry about.

Regards

[woj]

Quote:

Originally Posted by Soul_Rebel

wanna take a bet? lol

I may have exagurated the 5 mins, but any javascript protection method can be cracked fairly quickly. Normally I would be willing to take a bet, but I don't really have time to mess around with it now.