开发者

how to protect client side codes

is there any open source tool to encry开发者_开发知识库pt or hide the client side code.... is it possible....??? i need to encrypt php,html,java script//


PHP is not client-side code, so no worries there.

As for HTML and JavaScript, don't bother; in order for it to be usable on the client side, it has to be "decryptable" on the client side, which would render any encryption/obfuscation moot. Not going to happen.

If you're developing web applications, get used to the idea that everybody can see your HTML, JavaScript, CSS, cookies, and anything else that loads into the browser.

Trying to protect code in this way is ultimately a wasted effort anyway, even if it were possible to do; for an experienced developer, it's often if not always harder to read somebody else's code than it is to write your own. If somebody wanted to steal your idea, then everything they need to know can likely be inferred from the functionality of the site (i.e. reverse-engineering). The code is not even necessary.


Someone clever once said:

"If you don't know how to protect your code, you have nothing worth protecting."

True words.


PHP is on the server side, and thus not accessible. You cannot hide or obfuscate HTML. You can obfuscate client-side javascript using something like the YUI Compressor.

But honestly, very little chance that you are doing anything in javascript that is a) a trade secret, and b) anyone will care about stealing. And if there is, you have copyright law on your side ... if someone steals it you can easily look at their source code and prove that they stole it and sue them ;-)


You can run your javascript though a obfuscator ( http://www.javascriptobfuscator.com ), however it is possible to reverse this. If it's able to be understood by the browser then it's possible to be reversed.


Depends on what you mean by encrypt. HTML and Javascript need to be able to be parsed by the browser, therefore the client can always see them. PHP is a server side language, which generates the HMTL (and possibly javascript) sent to webpage visitor, the visitor never sees the php.

Javascript and HTML can be minified and obsfucated, to be confusing, but still viewable.

If you are transporting sensitive data and need to protect it, you should use HTTP over SSL, also known as HTTPS. This is the same mechanism banks use to protect their clients when they login to view their accounts.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜