Protecting source code

i have an insanely long solution, and when i say insanely long i mean it'll take 2 posts to get the whole code in, but most of it is just copy/paste into an include, and the rest is pure genuis.

People can't see server side html, right?

Nor can they see the source for data added AFTEER the page has loaded (Eg: document.getEle mentById.innerH TML="DSFSD";)

So i compiled my brains with ajax and sajax and php and made this:

Page loads -> Requests AJAX -> Runs PHP in bg -> PHP returns to ajax the hidden content -> AJAX rewrites the content of the target with the data to be hidden -> Hacker looks at source -> sees ORIGIONAL html, NOT updated html -> Pulls out hair -> Origional webmaster enjoys a safe code -> TSDN has to deal with a huge post -> Then someone kills me because i made a long list.

ok

thats it in a nutshell

tell me if your interested.

ummm what about the traffic? every refresh u use the server...
and for another issue that i want to be sure about
when u use ajax, and say generate a table or any other object.. other js function dont know this object id so i dont think its the right way to protect your code ( can someone currect me if i am wornge about the object id of html code returning from ajax cant be read from js function)

One way or another they will get your source code.

the internet, whether you like it or not, is pretty much open source, and i'm doubtful that you've never nicked a bit of code from someones site before. c'mon.. haven't you? Anybody?

Markus, the 'copy and paste kid', n00b!

nevrer took a code from a website im not supposed to, though i must admit i used some 'other' websites to obtain JS during my learning years, but now i write it myself.

i try to avoid every chance of copyright violation.

hi ...

may be someone is interested in this article ... another try to hide javascript-code ... and in any case: since the code is to be delivered to the client and the browser must read it ... there is no chance to hide it reliably even when you could make it harder to do! ... the simplest way i could imagine is to install the firebug-extension to firefox and have a look at everything i'm interested in ... it even shows the ajax-requests and the raw-response from there so even with that you couldn't hide something in a reliable way ... and in my opinion: you simply shouldn't try ... when you don't want someone to reuse your code ... then simply don't publish it. minify the code could make a sense for traffic but obfuscating/encode it ... whatfor? it just produces additional decoding operations ... and hurts performance ... my personal opinion is: just leave the code open source and let everybody see it ... format it in a useable way so that others could learn from it ... leave a comment about copyright or whatever in the script and i guess the 're-users' will leave it there ... simply let everybody read/reuse your code :) ...

kind regards

Did you put a copyright notice on the page?

If not, I suggest you do so.

You have legal remedies for copyright infringment, and violations of Intelectual property.

It is illegal to copy web pages, pictures from web pages, or steal "business processes or methods".

You will find however that most people stealing web site content, and layout are from outside the US and difficult to serve.

outside of that, there is little you can do to "prevent" transmissions from reaching a client, while also "allowing" said transmissions to reach a client.

Until someone builds a web browser that supports hidden code execution, and encrypted script transport.

I haven't seen one example that i could not circumvent in a matter of minutes. There is not likely to be one that is ever "fullproof" .

The thing with the copyright notice is that the person who uses it will just change your name to their's and change the date or whatever.

Just out of interest if you just use external js pages, can't you just add a .htaccess file with this in it:

then they will get a forbidden message when they try to view it. Would that work? I can't see why it wouldn't stop them.

Sam

This would in fact stop them, but it would also stop your browser from being able to read it.
A browser requests javascript files just as they do HTML files.

The simple fact is, people WILL be able to steal any and all client-side code no matter how you try to hide it.
If you want a browser to be able to read your client-side code, it MUST be available to the public. There is no cheating this fact.

AJAX won't hide your code, as it is simply a second HTTP request within a client-side script. The URL your AJAX call requests can be used just as any other URL's can be used.

Creating complex and confusing code in an attempt to alienate potential thieves may work, but it will also make it complex and confusing to you.

The only way to avoid getting your code stolen is to use server-side code that is hidden from the public.

Uuuuuuuuuuuuuuu uh!

What an exhausting read to get the bottom of this post! Atli is surely right. One of the fundamental drawbacks of JavaScript is that its out there at the mercy of the browser and the browser's owner!
So here we have a balance to try to strike: to get those extra functionalities and perks, you must 'risk' laying out your codes out there!
Come to think of it, original poster aren't you a little stingy? 'Cause a major concern for keeping code private is security. Yours is competition.
Anyhow, as they say in my country: No mind me jare! Maybe you'll soon breakthrough on this issue, and we'd all come away with our codes, box, lock and key.
Regards,
Ifedi.