2

I want to change the JavaScript names in my application for additional security like facebook and google plus suring deployment.

Is there are an application or a library that can change the JavaScript file names and reference them in the my view (written in php) and JavaScript files.

EXAMPLE OF THE DESIRED EFFECT

Change this (Before Deployment):

In folder: js/myfunction.js

In file:<script type="text/javascript" src="https://mysite.com/myfunction.js"></script>

To this (After Deployment):

In folder: js/PuKJS78UyH.js

In file: <script type="text/javascript" src="https://mysite.com/PuKJS78UyHK.js"></script>

Improve this question
3
  • 3
    Don't bother. That has no effect on security, and will just make debugging harder.
    – user149341
    Commented Mar 23, 2012 at 0:19
  • 1
    I'm confused. All you're doing is renaming the folder and the js filename. How does this help security? If they could use the JS file as a test for trying to figure out your directory structure before they could still do it post-deployment.
    – Erik Reppen
    Commented Mar 23, 2012 at 0:46
  • Nobody can offer a constructive and meaningful answer until you tell us what goal you're trying to accomplish. Obscuring or mangling script file names doesn't improve security in any way. People can just look at what the current mangled name is in your HTML file and go fetch that file. PuKJS78UyHK.js has zero difference from myfunction.js. Whichever one is being used is in the HTML file and can be fetched and examined.
    – jfriend00
    Commented Mar 23, 2012 at 3:24

2 Answers 2

Reset to default
1

Instead of obfuscating and encryption you should think about optimization. Couple things that you could do:

  1. Combine all common JS files in one file (minimizes number of requests and also solves your problem - there will be no file names to obfuscate)
  2. Minimize JS - it's faster that way and takes less space (and in addition it becomes unreadable)

This tool looks like a good place to start: http://code.google.com/p/minify/

Improve this answer
0

You should not depend on JavaScript encryption. It is not safe, and might be hacked in a short time. Using sever side languages like PHP is much safer than JavaScript.

However, if you would like to perform a simple base-64 encoding in JavaScript, for which normal people will not able to read, you are lucky, it doesn't need any library. \(^o^)/

Just use btoa() for encoding, and atob() for decoding. Then you can create a <script> tag using the encoded URL.

Read more in MDN: window.atob

Example:

var txt = "myfunction.js";
var encode = btoa(txt);
var decode = atob(encode);
console.log( encode );  //return "bXlmdW5jdGlvbi5qcw=="
console.log( decode );  //return "myfunction.js" (orginal)

//Do whatever you want with the encoded text, like
$("<script src='/js/"+encode+".js' type='text/javascript'></script>")
    .appendTo("head");  //dynamically adding an script tag using jQuery

Demo: http://jsfiddle.net/DerekL/JWSUs/

Result:
result

Result from jsFiddle. You can see that "myfunction.js" is encoded to "bXlmdW5jdGlvbi5qcw==", which normal people will not be able to read.

Improve this answer
5
  • 1
    "which normal people will not be able to read." - normal people will not read your source code in the first place, and not normal people will be able to smell base-64 from across the room ;)
    – valentinas
    Commented Mar 23, 2012 at 0:42
  • Because what you suggesting is bad practice. Your solution will only clutter the main file with something that doesn't do anything and therefore doesn't need to be in the code. Also base64 was created to represent binary data in ascii, not to encode file names. There are plenty of tools which can replace references to files during deployment without any overhead. That's what google, fb and all the big boys does.
    – valentinas
    Commented Mar 23, 2012 at 0:59
  • I already stated that it should use sever side language for this kind of stuff, in the the beginning.
    – Derek 朕會功夫
    Commented Mar 23, 2012 at 1:37
  • Not arguing with that. Just saying that it's misleading to say that base64 could be used for encoding file names. It can contain "/" and can cause collisions in non-case-sensitive file systems: stackoverflow.com/questions/3945541/…. And in addition to that your example writes decoded file names to DOM, which defeats the purpose of it - anyone looking at the document using inspector would see decoded file names.
    – valentinas
    Commented Mar 24, 2012 at 3:36
  • Yea I agree with your point too, but I was just saying that he could use base64 for basic encoding purposes.
    – Derek 朕會功夫
    Commented Mar 25, 2012 at 6:04

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.