如何保护CSS文件 [英] How to protect css files
问题描述
我看到了很多保护css文件的方法,但是它们都不是100%安全的,换句话说,很容易操纵该块并获取css文件.我想知道保护CSS的最佳方法是什么.
I saw a lot of methods to protect css files but none of them is 100% safe or in other words it is very easy to manipulate the block and get the css file. I was wondering what is the best method to protect css.
推荐答案
可以缩小CSS文件,例如javascript和HTML.对于这三个文件,都可以删除其空白以减小文件大小.对于CSS和Javascript(以及HTML中的类和ID名称),可以混淆它们的标记(这意味着,代替.nav-link之类的逻辑类名称,选择了像.bz0之类的毫无意义的名称).这样做的麻烦是它很难维护,因为必须在相关的HTML和Javascript中相应地更改CSS中的类和ID名称,以免混淆不会破坏任何内容.这通常会使对代码的混淆更加麻烦而不是好处(尽管,如果您有 GMail 查看其源代码,则会发现Google这么做了,尽管可以说是为了节省空间.
CSS files, like javascript and HTML, can be minified. For all three, their whitespace can be removed to reduce filesize. For CSS and Javascript (and class and id names in HTML), their tokens can be obfuscated (this means instead of logical class names like .nav-link a meaningless one is chosen like .bz0). The trouble with this is that it is very unmaintainable, because class and id names in CSS must correspondingly be changed the in relevant HTML and Javascript so that the obfuscation doesn't break anything. This typically makes obfuscating your code more of a hassle then a benefit (Although, if you have GMail viewing its source will reveal that Google does it, although this is arguably to save space).
但是,如果您有兴趣,请查看以下SO线程:用于混淆html和css
However, if you are interested check out this SO thread: tools for obfuscating html and css
最重要的是-无论是否使用混淆-浏览器必须能够解析CSS,这意味着它需要访问文件本身.不管是否被混淆,决心窃取您的CSS的人都可以这样做.虽然,我看不出为什么会有好处,因为CSS通常是特定于域的(意味着单个文件仅针对一个网站或一小部分网站制作).
Bottom line, though--whether you use obfuscation or not--is that the browser must be able to parse your CSS, which means it needs access to the file itself. And obfuscated or not, someone who was determined to steal your CSS could do so. Although, I wouldn't see why this would be beneficial because CSS is usually domain-specific (meaning individual files are only made for one website or a small subset of websites).
在您所有CSS文件的顶部,我都会礼貌地评论一下,我认为这可以起到威慑作用.
A nice touch that I think could act as a deterrent is a polite comment at the top of all of your CSS files.
/*
* #####
* #### _\_ ________
* ##=-[.].]| \ \
* #( _\ | |------|
* # __| | ||||||||
* \ _/ | ||||||||
* .--'--'-. | | ____ |
* / __ `|__|[o__o]|
* _(____nm_______ /____\____
*
* Hey you! Looks like you found our main css file through some l33t h4x0ry.
* You're welcome to give it a read-through if you'd like. But if you want to
* barrow something clever and use it in your projects we'd really appreciate a
* mention. Thanks!
*/
当然,您编写的代码是受版权保护的(我不是律师,所以不要拘泥于此),因此您可以尝试发布版权声明:
Of course, code that you write is copyrighted (I'm not a lawyer so don't hold me to that), so you could try putting a copyright notice:
/*
* (c) 2013 Your Company. All rights reserved.
*/
但是我认为这将被忽略.对话更多的信息可能会被更多地关注.
But I think that would be just ignored. The more-conversational message will likely be heeded more.
Jeff Atwood isn't a lawyer either, but he has way more experience than I do and according to his blog post on open source licenses:
没有许可证,默认情况下该代码受版权保护.人们可以阅读该代码,但是他们没有使用该代码的合法权利.要使用该代码,您必须直接与作者联系并征得其许可.
Without a license, the code is copyrighted by default. People can read the code, but they have no legal right to use it. To use the code, you must contact the author directly and ask permission.
这篇关于如何保护CSS文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
