johnuk — 2010-10-24T12:20:46-04:00 — #1
I noticed on the "script" menu for firebug when I click "show static and eval scripts" you can see my entire JS code un-obfuscated by firebug. The default option is just "show static scripts" which shows my code as it is - obfuscated.
I was quite frankly horrified to discover this after shelling out on software to protect my work. Does anyone have any idea how I can stop firebug from showing this? Is it because im calling eval a couple times throughout the script?
immerse — 2010-10-25T08:23:35-04:00 — #2
You can't stop firebug from showing this. As Force Flow states, you cannot securely hide your JS code from visitors.
I'd suggest you ask for your money back.
To be honest though, if you don't want people reading your JS then you shouldn't really be publishing it on the internet...
lorenw — 2010-10-25T12:26:49-04:00 — #3
Firebug will show how it is actually rendered in a nice readable format. I found that out a few days ago trying to be sneaky
force — 2010-10-24T14:56:19-04:00 — #4
Obfuscated client-side code is only difficult to read--not impossible. Obfuscation can be reversible, as you've discovered. Compression also makes the code harder to read, but again, not impossible.
Encrypted source code, on the other hand, is not readable and must be decoded at runtime. Unfortunately, this is not available for client-side code--only server-side.