0

I have this script that starts with <script> and finishes with </script>

People can actually see it if they go to the source code of the page.

Is there a way to avoid that? I mean to make that code invisible as if it where PHP?

Improve this question
4
  • 7
    No. JavaScript is executed by the browser (whereas PHP is executed by the server) and will always be visible to someone who wants to see it. The best you can do is obfuscate your JS. Commented Oct 22, 2011 at 21:58
  • You could obfuscate like Google does, which just makes it harder to "read". Why do want to do this anyway? Do you have highly valuable code? Commented Oct 22, 2011 at 22:00
  • 2
    No, but you could transfer all of your 'private' (or whatever) functionality to the server side php, and then use Ajax (just running the non-'private' stuff client-side). Commented Oct 22, 2011 at 22:00
  • Try this: stackoverflow.com/questions/6869312/… Hope this helps. Commented Nov 7, 2012 at 4:49

3 Answers 3

Reset to default
6

No, with normal JavaScript it is run on the client-side which means that it must be accessible to the user's browser running it. You can try obfuscating your code, or a newer technology like server-side JS (V8) But for traditional JavaScript it must be run client-side.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

@RosamundaRosamunda - You realize with a console in Firebug or Chrome I can see your video url if the browser can play it, right?
Yes, but I´ve got an Amazon account and I´ve planned to put an expiry date on the link... Hope that helps to prevent the hot linking...
5

Edit: Now that you've added a comment that says what you're actually trying to protect is the URL of a video (why don't people just say what they're really trying to do in their question?).

The answer is that you can't protect a video URL that you play in a web page. That can easily be seen lots of ways. Any of the browser debugging tools will show all network traffic to/from the browser which will easily disclose the video URL.

If what you really want to do is to prevent direct linking of the video, then there are some techniques (none of which are foolproof) you can use to prevent most directly linking. If you do a Google search for "prevent direct linking", you will find a lot of articles that discuss this concept. The two techniques I've seen used are:

  1. On your server that serve's up the video, check the http referrer and only server the video to referrers that you like. While the http referrer can be spoofed by a determined and schooled theif, just this simple step renders most direct linking by most users impractical.
  2. Require some sort of algorithmic parameter in the URL of the video before it will be successfully servered that your server can check. This can be derived from other content on the site and combined with a data reference or can be issued hourly by your site and embedded in a valid hosting web page, etc...

All javascript in your web page will be visible to anyone who wants to see it.

The only way to truly hide an algorithm is to put it on the server, execute it on the server and either put the result in the web page as it's rendered by the server or use an ajax call to retrieve it.

Because of the way Javascript works in the browser, the code must be available to the browser in order to run it. If it's available to the browser, then it's available to any person who wants to see it.

There are some things you can do to make it more difficult for people to see your javascript, but these are only obstacles that will slow someone down or make them take more time to understand your code, but they can all be overcome by anyone who has enough persistence to do so.

The simplest thing you can do is to minimize your code by running it through one of the free popular minimizer tools (Google Closure or Yahoo's minimizer and there are many others). These tools main goal is to reduce the size of your javascript code, but in the process they also make it a lot less readable by removing indentation, line breaks, renaming local symbols to something short and meaningless, etc...

There are also obscuration tools that purposely obscure your javascript code to make it more difficult to see/understand.

I repeat though. All of these tools can ultimately be defeated and the most they do to thwart a determined snooper is slow them down.

If you really want to protect an algorithm or trade secret or secret code or something like that, you have to put the algorithm on the server and have the code execute only on the server so that the browser can only see the result, not the actual code.

FYI, in most cases, it's never as important to protect your actual code as people think it is. Business success is not achieved by keeping secrets, but rather by getting known and by meeting the needs of customers at an appropriate price.

Improve this answer

7 Comments

My guess is, in most cases it would be impossible (say, for manipulating elements on the page) or not really a value-added proposition (the technique's or resource's it's obfuscating aren't truly valuable). For most people that want to do this, my guess is it's one of these two conditions, and they should probably not even bother.
@JaredFarrish - I agree. It's rarely worth worrying about. Much more important to worry about things that actually make your business successful.
Although video links could easily be found using debuggers some websites with paid video contents use techniques like requiring authenticated cookie to get the video resource link and then playing from that link, some use much more complicated methods like chopping the whole video into many parts and getting the video content by sending many requrests/responses from inside the video player. That way at least plugins like video downloader cannot buffer or download the video resource directly. If video is main part of business, it is a matter of concern to prohibit direct or unauthorized access
Thanks for your answer @jfriend00!!! Anyway, how about an expiry date? I´m using Amazon S3 and set the video as private, then use the Amazon CludFront program CloudBerry to set an expiry date of the link, so that way, people would be able to see it just for X days. How about that solution? I think it is easier... And yeah, it shouldn´t be such a big deal to make it "secret", I know. The thing is that the video is about an online course, and don´t want people to download it, at least not that easily.
Thanks for your answer @Bipins! I don´t know if I can make thet "chopping" thing. Is there a tutorial about how to do such a thing? A program to do that? How should I google that? "chopping video to prevent download"? Thanks!
|
0

JavaScript is a client-side scripting language, so it's not possible to hide it from the client. You could obfuscate it, but some clever people could deobfuscate it.

If you really want to hide your code, you could have the javascript call a PHP script through AJAX, although this may be server heavy.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.