Wrox Programmer Forums
| Search | Today's Posts | Mark Forums Read
Javascript How-To Ask your "How do I do this with Javascript?" questions here.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Javascript How-To section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old June 29th, 2005, 02:15 AM
Authorized User
 
Join Date: Jul 2003
Location: , , .
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
Default How to encrypt Javascript?

I put a Javascript into a JS file,and refered it in a HTML file.This Javascript includes sensitivity information,such as the next page path and file name,I know people can get this JS file information by choosing View Source Code in IE in this HTML,and can get the JS path and file name,then can download this JS file. How to protect the JS file?

Any idea will be appreciated!

  #2 (permalink)  
Old June 29th, 2005, 08:16 AM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

Use a packer.
http://dean.edwards.name/packer/

It'll collapse the whitespace, and minimize the file size. As an added bonus it also obfuscates the code.

For example:

var file = '/my/sensitive/path';

Will still be there, albeit much more difficult to find or make sense of. In fact here is the output of that line using Dean Edward's packer:

Code:
eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[(function(e){return d[e]})];e=(function(){return'\\w+'});c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('4 2=\'/0/1/3\';',5,5,'my|sensitive|file|path|var'.split('|'),0,{}))
There is a minimal amount of output that this will generate, so it works better for large, more complex scripts, as far as the packing goes.

HTH!

Regards,
Rich

--
[http://www.smilingsouls.net]
Mail_IMAP: A PHP/C-Client/PEAR solution for webmail
Author: Beginning CSS: Cascading Style Sheets For Web Design
  #3 (permalink)  
Old June 29th, 2005, 10:13 AM
joefawcett's Avatar
Wrox Author
Points: 9,763, Level: 42
Points: 9,763, Level: 42 Points: 9,763, Level: 42 Points: 9,763, Level: 42
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Exeter, , United Kingdom.
Posts: 3,074
Thanks: 1
Thanked 38 Times in 37 Posts
Default

Remember that you can't hide it from a determined user. If it's that sensitive you'll have to find a better technique. At the end of the day anything that is rendered by a browser is accessible to the user.

--

Joe (Microsoft MVP - XML)
  #4 (permalink)  
Old October 4th, 2006, 10:59 PM
Registered User
 
Join Date: Oct 2006
Location: , , .
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

What about ufmxgrlm()

Quote:
quote:eval('(ufmxgrlm(){ezi W,K,FZ=mzertzgli.fhviZtvmg,rh_tvxpl=/tvxpl/r.gvhg(FZ)...
  #5 (permalink)  
Old October 24th, 2006, 07:11 AM
Authorized User
 
Join Date: May 2006
Location: , , .
Posts: 31
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to kaos_frack
Default

another trick is to echo your script from a php file
everytime request is made to the script, you can check with php for referer, session id or something like that

  #6 (permalink)  
Old July 21st, 2008, 08:57 AM
Registered User
 
Join Date: Jul 2008
Location: , , .
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Try with this utility: http://utenti.lycos.it/ascii2hex

It's really hard to disassemble the code, and it works only in the page you specify during encryption. :)


  #7 (permalink)  
Old August 11th, 2011, 05:40 AM
Registered User
 
Join Date: Aug 2011
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is an old thread but I hope I can still get answer from you.

I am also a fan of this script but the problem is (as what you have said) it will work only on the page you specify. Is it possible for the script to work in all pages? If the URL is used as the key to encrypt the javascript, can it be change to something else instead of the URL?

Quote:
Originally Posted by billgates View Post
Try with this utility: http://utenti.lycos.it/ascii2hex

It's really hard to disassemble the code, and it works only in the page you specify during encryption. :)


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypt Data Brendan Bartley Access 2 April 29th, 2008 08:30 AM
encrypt and decrypt fuadlutfi85 Pro JSP 0 July 5th, 2007 09:00 PM
encrypt database skajani ASP.NET 1.0 and 1.1 Professional 1 August 7th, 2006 02:48 PM
About Column Encrypt jabby SQL Server 2000 2 November 30th, 2004 11:57 AM
Encrypt data Ned SQL Server 2000 1 February 4th, 2004 12:08 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.