Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / August 2007

Tip: Looking for answers? Try searching our database.

obfuscate Javascript in Java and jsp files

Thread view: 
Enable EMail AlertsStart New Thread
Christine Mayer - 21 Aug 2007 12:13 GMT
Hi,

I am looking for a good javascript obfuscator - I found several on the
web, but I am looking for one that can also handle javascript in jsp,
html and java files - so I need a javascript obfuscator that handles
my entire java project.

Is there anything like that, preferable as a Eclipse plugin?

Thanks,

Christine
Reply to this Message
Andrew Thompson - 21 Aug 2007 13:21 GMT
....
>I am looking for a good javascript obfuscator - I found several on the
>web, but I am looking for one that can also handle javascript in jsp,
>html and java files - so I need a javascript obfuscator that handles
>my entire java project.
>
>Is there anything like that, preferable as a Eclipse plugin?

BwAHHH, AH, hah harr..

...You're joking, right?

<if not>
*Obfuscate* JS?  Are you on drugs?!

What is that supposed* to achieve?

* No it won't achieve anything of value to the deployer,
but it would probably be amusing to hear what you
*think* that might achieve...  ;-)
</if not>

Signature

Andrew Thompson
http://www.athompson.info/andrew/

Reply to this Message
Lew - 21 Aug 2007 13:28 GMT
> ....
>> I am looking for a good javascript obfuscator - I found several on the
[quoted text clipped - 17 lines]
> *think* that might achieve...  ;-)
> </if not>

Christine, underneath Andrew's caustic delivery beats a mentor's heart.

The question, rephrased to preserve ego, of what goal you aim to accomplish
(strategy) is important, compared to your stated question of what technique
(tactic) you currently plan to use to achieve that goal.

Obfuscating Javascript is a tactic, albeit a useless one, in service of a
larger purpose.  What is your purpose?

Since Javascript is interpreted by the browser (or other client agent), it
must appear in source form from the server.  The source could perhaps be
obfuscated slightly by silly tricks such as garbled identifiers, but keywords
and data cannot be, and DOM nodes must match what's in your HTML.  It is hard
to conceive of any Javascript "obfuscation" that would obscure more than an
insignificant portion of the code, and even harder to conceive of any useful
purpose for doing so.

Signature

Lew

Reply to this Message
Christine Mayer - 21 Aug 2007 13:54 GMT
Well,

plain simple, for 2 reasons:

a) performance

if(a==b)c=d;

uses less characters and thus uses less traffic and thus is faster
then
if(myNiceLittleVariable == myNiceLittleOtherVariable) {
   myNiceLittleOtherVariable2 = myNiceLittleOtherVariable3;
}

b) Making it at least HARDER to understand the code on the client side
(political reasons...)
For this reason, my team is currently using very short variable names
and they obfuscate the code by writting it stupidly, but I would
prefer to be able to understand the code myself, so I need to find a
way to make them write proper Javascript code every programmer can
easily understand. If I had such an obfuscator, they would still end
up with silly functions like "if(a==b)c=d;" but I could refactor
the code to make it more understandable.
Reply to this Message
Andrew Thompson - 21 Aug 2007 14:26 GMT
>b) Making it at least HARDER to understand the code on the client side
>(political reasons...)

I am suddenly 'right there with you' when you mention
'political reasons'.

I hope you fought long and hard against them, and warned
the deployers/owners of this system that they should really
remove their hands from their genitals* long enough to think
about what they are requesting/demanding.

* Intended, with all due, or undue (depending on your
perspective), sarcasm.  Tell them, from me, (should you
dare) that they are a bunch of clueless w.nkers that
should *hire* a clue (presuming they are not prepared to
trust the judgement of an apparently quite sensible
developer, yeah, *you*, who advises differently).

OK.. I realise this reply has not exactly progresssed
the thechnical point.  Just had to get that out of my
system.

Having said that, there are any number of tools can
be used to turn common JS into 'onbfuscated' JS -
try a search on 'obfuscate JS' or 'obfuscate javascript'
and you will probably see some useful tools.

These tools do not *prevent* people from reverse
engineering JS, but thay can make it so difficult that
it is easier and quicker to write the JS fresh, than
'interpret' the obfuscated JS

(Note that all this applies almost equally as well,
to Java bytecodes, which are *almost* as easy to
'reverse engineer' as 'any old' JS.)

..and did I mention that whoever specifies this
system, is a w.nker?  (just checking..)

Signature

Andrew Thompson
http://www.athompson.info/andrew/

Reply to this Message
Christine Mayer - 21 Aug 2007 15:06 GMT
Well, I am always fighting as good and hard as I can, but beeing the
"new guy", sometimes you just have to accept certain things...

However, your reply didnt' really help here - I know there are tons of
obfuscators, the problem is I need one that obfuscates not only the
javascript itself, but also all the javascript code in my jsp and Java
files - otherwise the code wouldn't be working anymore!

Example:

MyJavaScriptFileObfuscated.js

var a = 23; // this is myNiceLittleOtherVariable2

MyJsp.jsp:

<javascript>

  myNiceLittleOtherVariable2 = 42;

</javascript>

My NiceLittleJavaFile.java

write("<html><head></head><body>myNiceLittleOtherVariable2 = 42;");

So if I obfuscated "myNiceLittleOtherVariable2" to "a" in my
javascript files, all other files (Java, Jsp...)
would still try to access "myNiceLittleOtherVariable2" and this would
fail.

P.s.: Please don't tell me not to write html from Java files or to use
inline javascript in JSP files, thats another political reason...
Reply to this Message
Andrew Thompson - 21 Aug 2007 15:56 GMT
...
>P.s.: Please don't tell me not to write html from Java files or to use
>inline javascript in JSP files, thats another political reason...

OK.. I won't, but I will add that I know of no
solution to the technical side of the problem
as you have outlined it.

Perhaps the comp.lang.javascript gurus can help
you further, but it might help to ..pretend, that all this
was happening in pure HTML, and leave mention of
JSP out of it.

I do not mean that in sarcasm (quite contrary to the
tone of most of my replies to this thread).  It is just
that everything that can work (or fail) in JS in a JSP,
will work (or fail) equally as well in plain old HTML,
and the JS afficionados often demand you validate
the HTML* before they will take you seriously (with
any examples).

* They don't care if it is generated by JSP, ASP
or PHP.  All that is important is the HTML that is
written to the browser.

Signature

Andrew Thompson
http://www.athompson.info/andrew/

Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.