javascript缩小的安全性是什么 [英] What is the security of javascript minification

问题描述

所以很长一段时间以来，我一直假设，虽然它确实提高了性能，但我们缩小 javascript/css 的主要原因之一是对其进行一些混淆，以便更难逆向工程.

So for a long time now I have been under the assumption that, while it does performance gains, one of the primary reasons we minify javascript/css is to give a modicum of obfuscation to it so that it is harder to reverse engineer.

然而，我的一个朋友刚刚向我展示了这不仅是可能的；但在缩小的 javascript 和 css 上反向缩小非常简单.

However a friend of mine just showed me how it is not only possible; but extremely simple to just reverse minification on minified javascript and css.

所以我的问题是 - 除了性能提升之外，还有什么意义?有没有其他实际方法可以保护 javascript 免于直接从您的网站被盗?

So my question is - other than performance gains, what is the point? Is there any other actual way to protect javascript from being simply stolen right from your site?

推荐答案

Javascript 缩小主要是为了提高性能.缩小后，脚本大小减少 25% 以上的情况并不少见.最重要的是，一些压缩器/编译器也会稍微混淆您的代码，将函数和变量重命名为不太明显的名称.

Javascript minification is done primarily to increase performance. Upon minification, it's not uncommon to see >25% reduction in script size. On top of this, some minify-ers/compilers will obfuscate your code a little as well, renaming functions and variables to less obvious names.

正如您所指出的，它始终可以是未缩小的或漂亮的，但由于 Javascript 是一种非编译的客户端语言，因此您无法采取很多措施来保护您的 javascript.

As you've pointed out, it can always been unminified or pretty-printed, but since Javascript is a non-compiled, client-side language there isn't a whole lot you can do to protect your javascript.

请参阅关于 javascript 混淆的此链接.

See this link on javascript obfuscation.

如果您有专有代码或您真的不希望用户看到的代码，则必须将其保留在服务器端.考虑将其迁移到服务器端语言，例如 PHP、Python、C 等，并通过 Web 服务公开这些功能.

If you have proprietary code or code you really don't want users seeing, you'll have to keep it server side. Consider moving it to a server side language such as PHP, Python, C, etc and expose the functions via web services.

这篇关于javascript缩小的安全性是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！