I noticed on the "script" menu for firebug when I click "show static and eval scripts" you can see my entire JS code un-obfuscated by firebug. The default option is just "show static scripts" which shows my code as it is - obfuscated.
I was quite frankly horrified to discover this after shelling out on software to protect my work. Does anyone have any idea how I can stop firebug from showing this? Is it because im calling eval a couple times throughout the script?
Obfuscated client-side code is only difficult to read–not impossible. Obfuscation can be reversible, as you’ve discovered. Compression also makes the code harder to read, but again, not impossible.
Encrypted source code, on the other hand, is not readable and must be decoded at runtime. Unfortunately, this is not available for client-side code–only server-side.
Note that obfuscation can lead to errors and bugs that browsers wouldn’t know how to interpret. Compression, on the other hand, is generally recommended for decreasing the size of javascript files.