![]() ![]() Granted, it won't give you much security but it'll definitely deter kiddies snooping around, and it'll create an impression of stronger security as a part of security theatre. What makes sense is this: Put your competitive code on the server to protect it, then obfuscate client-side code as much as you want. You seem to already know that obfuscation isn't actual protection, so I'm not gonna lecture you on security by obscurity. This is what you should be focused on with JavaScript, not worrying about whether someone will be able to read it or not. (See the Google Closure Compiler.) This is not necessarily how you'd obfuscate for security because the only goal is to minimize the number of bytes that have to be delivered to the client. Too your second question, do companies like Google obfuscate their JavaScript? Yes, but not for security! They obfuscate to minimize the size of the code, in order to reduce the download size and minimize the page load times. I'm quite confident that it hasn't happened, and isn't likely too. Commercial web software development companies nearly universally use JavaScript these days, obfuscated or otherwise, and I challenge you to find me even a single example of one that's had it's JS stolen by a competitor and then been driven out of business because of it. The reality is, the threat model isn't particularly realistic. I think the operative word in the question here is "afraid." The aversion is based on fear, not fact.
0 Comments
Leave a Reply. |