Using PHP to Hide Javascript Source
Moderator: General Moderators
- tastywheat
- Forum Newbie
- Posts: 3
- Joined: Thu Nov 20, 2003 12:02 am
- Location: Texas
Using PHP to Hide Javascript Source
I want to use javascript on my site for navigation, but I don't want anyone to see the code. I could store my javascript in a .js file but they can still download it right? I know that I can put a php file as my source and it can generate the javascript code. Well, the problem is that they can still download this php file. What I'm getting at is, is there any kind of code I can add to a php file so it will produce a certain output only when downloaded?
Nothing that PHP can do i think.
What i would do is, put the Javascript in a .js file, then remove ALL formatting so that it is all on one line, change variable names so they do make sense to anyone apart from you.
Or
You can get programs that will encrypt the Javascript so that it still works but is unreadable.
Mark
What i would do is, put the Javascript in a .js file, then remove ALL formatting so that it is all on one line, change variable names so they do make sense to anyone apart from you.
Or
You can get programs that will encrypt the Javascript so that it still works but is unreadable.
Mark
Even encryption will not work. The problem with JavaScript is that its source must be available so the browser can read it clearly and execute the code. Any kind of encryption would require the browser to decrypt the code in order to execute it, which to my knowledge, is not readily available. This, sadly, is one of the downfalls of JavaScript.
I've actually seen some javascript that was encrypted, it worked fine too. It was supose to be this new script that no popup blocker could block the popup that it would launch. Maybe it was a java applet, but I don't know since I only read a breif description and It was encrypted of course.maniac9 wrote:Even encryption will not work. The problem with JavaScript is that its source must be available so the browser can read it clearly and execute the code. Any kind of encryption would require the browser to decrypt the code in order to execute it, which to my knowledge, is not readily available. This, sadly, is one of the downfalls of JavaScript.
This site is worth taking a look at, they claim to be able to encrypt HTML and JavaScript...
http://www.protware.com/default.htm
# Flexible encryption options:
* Encrypt html files, asp files, external script files(.js or .vbs), php and shtml files, framesets and style sheets (.css) files. You can also encrypt HTML-formatted email.
* Protect your images with Image Guardian - enhanced image protection.
* Encrypt only desired parts of html files.
* Two different methods of encryption
* - files encrypted with the default method work in all javascript-enabled browsers. You can also use the alternative, more fast and secure method for Internet Explorer 5.0 or higher only. Disable right mouse button.
* Disable showing link targets in status bar.
* Disable text selection.
* Prohibit offline use
* - your files will work fine when someone is browsing your site, but they will not work if they are saved and run from a local hard drive. Password protect your pages using either a basic or Ultra-Strong password protection.
* Prohibit linking your pages from other sites.
* Prohibit printing of protected files.
* Disable Clipboard & Print Screen ( for IE 5+ only ).
* Option only to compress HTML code(without encryption).
- tastywheat
- Forum Newbie
- Posts: 3
- Joined: Thu Nov 20, 2003 12:02 am
- Location: Texas
I tried that HTML Guardian thing before and it does a really good job of encrypting .js files. However, in my experience, it encrypts them so well that they don't work anymore. The html encryption works just fine, but the unregistered version adds a banner into the code. No, I won't buy the software either. I'd sooner resort to using flash for my website. I tried something using session variables but I kept getting errors. Or maybe I thought this could be done using the HTTP_REFERER value, but that all depends on the browser. I'm no expert with php, but isn't there some way you can tell if a file is being downloaded instead of just read? Or isn't there something I can do using .htaccess files? A friend of mine said that there's a way you can let files be read and not downloaded. We couldn't figure out how though.
you could always just make it REALLY REALLY hard, and use all of the above:
have a php file write the javascript code, and mask all the variables and put the code on one line so it is very very hard to read. then you can chmod the file so it can be executed but not viewed or downloaded. thats about the best you can get i think. also a nice little trick that i've seen is to add 'phantom code'. basically extra javascript commands that don't use time to execute, but just confuse those who are looking at it. i.e.
(this isn't javascript... but you'll get the idea)
i'm not sure what that does... and i just wrote it. so you get the idea
have a php file write the javascript code, and mask all the variables and put the code on one line so it is very very hard to read. then you can chmod the file so it can be executed but not viewed or downloaded. thats about the best you can get i think. also a nice little trick that i've seen is to add 'phantom code'. basically extra javascript commands that don't use time to execute, but just confuse those who are looking at it. i.e.
(this isn't javascript... but you'll get the idea)
Code: Select all
if ($useless)
if (!($useless2))
$useless2 = true;
if($useless)
$useless = false;
else
if (!(useless3))
$useless = true;