如何混淆(保护)JavaScript? [英] How can I obfuscate (protect) JavaScript?
问题描述
我想创建一个非开源的JavaScript应用程序,因此我希望学习如何模糊我的JS代码?这可能吗?
I want to make a JavaScript application that's not open source, and thus I wish to learn how to can obfuscate my JS code? Is this possible?
推荐答案
混淆:
尝试 YUI Compressor 。它是一个非常受欢迎的工具,由Yahoo UI团队构建,增强和维护。
Try YUI Compressor. It's a very popular tool, built, enhanced and maintained by the Yahoo UI team.
您也可以使用:
- Google Closure Compiler
- UglifyJS
私人字符串数据:
将字符串值保密是一个不同的问题,混淆不会带来太大的好处。当然,通过将您的源代码打包成乱码,缩小混乱,您可以通过默默无闻轻松地使用安全性。大多数情况下,您的用户正在查看源,并且客户端上的字符串值是供他们使用的,因此通常不需要那种私有字符串值。
Keeping string values private is a different concern, and obfuscation won't really be of much benefit. Of course, by packaging up your source into a garbled, minified mess, you have a light version of security through obscurity. Most of the time, it's your user who is viewing the source, and the string values on the client are intended for their use, so that sort of private string value isn't often necessary.
如果你真的有一个你从未想让用户看到的价值,你会有几个选择。首先,您可以进行某种加密,在页面加载时解密。这可能是最安全的选择之一,但也可能是许多不必要的工作。你可以对base64编码一些字符串值,这会更容易..但真正想要这些字符串值的人可以轻松解码它们。加密是真正阻止任何人访问您的数据的唯一方法,大多数人发现它比他们需要的更安全。
If you really had a value that you never wanted a user to see, you would have a couple of options. First, you could do some kind of encryption, which is decrypted at page load. That would probably be one of the most secure options, but also a lot of work which may be unnecessary. You could probably base64 encode some string values, and that would be easier.. but someone who really wanted those string values could easily decode them. Encryption is the only way to truly prevent anyone from accessing your data, and most people find that to be more security than they need.
旁注:
众所周知,Javascript中的混淆会导致一些错误。该混淆器越来越它好一点,但很多衣服决定他们看到足够的好处的缩小文件和 gzip压缩,然后混淆的增加储蓄的不永远值得的麻烦。如果您正在尝试保护自己的源代码,也许您会认为这是值得的,只是为了让您的代码更难阅读。 JSMin 是一个不错的选择。
Obfuscation in Javascript has been known to cause some bugs. The obfuscators are getting a little better about it, but many outfits decide that they see enough benefit from minifying and gzipping, and the added savings of obfuscation isn't always worth the trouble. If you're trying to protect your source, maybe you'll decide that it's worth your while, just to make your code harder to read. JSMin is a good alternative.
这篇关于如何混淆(保护)JavaScript?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
