• 0

Protecting/Hiding AngularJS Codes


Question

Hi,

 

Angular JS has been very useful to me lately and it's amazing how quick it makes web development. I am aware that Javascript isn't compiled, thus your Javascript codes or Angular JS codes are accessible to anyone with a web browser.

 

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc. But how do I protect proprietary codes or algorithm?

 

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

Any thoughts or ideas?

Link to comment
https://www.neowin.net/forum/topic/1255912-protectinghiding-angularjs-codes/
Share on other sites

7 answers to this question

Recommended Posts

  • 0

Run your code through a minifier to produce a .min.js file ?

 

Then use that in your production index.html page and you should be fine.

 

Be aware though of minified javascript code with Angular - you must have specified your dependencies properly otherwise things will break.

 

Plenty of info searching around for that though.

 

Also you dont want to be putting logic into Controllers - they are to be kept as lightweight as possible.

Put the logic into Services as they can be tested much more easily and this promotes code reuse over your application if required.

  • 0

Minify and also uglify your javascript. Search on google for techniques of doing both. It will mangle up your production scripts to where they won't be human readable anymore. Note that you're still not 100% secure that way since you still have working scripts exposed to the client and someone (quite smart with the proper tools) can still reverse engineer your codes to certain extent but for the most part you should be OK.

 

That being said, for very sensitive codes and algorithms it is sometimes best to leave them on the server. That's why as nice as JavaScript frameworks like Angular are, there still will always be the need to have a server in the back-end to perform certain sensitive tasks such as security, authentication and hiding protected algorithms...

  • 0
  On 07/05/2015 at 14:58, roosevelt said:

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc.

 

You mean frontend logic right?

 

  On 07/05/2015 at 14:58, roosevelt said:

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said, If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

 

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names which good, but to be honest if someone is willing enough to try and work it out, they probably will.. .eventually.

  • 0

Minifying and uglyfying isn't gonna work, it's just going to rename the variables and function names but the code stays the same for anyone who want's to steal your code.

 

Front end stuff will always be something users can copy from your website, there's no way to protect yourself against that.

 

That's one of the many reasons why adobe flash was so succesful, it was able to include drm however you liked it.

  • 0

Security through obfuscation isn't security. You can't hide JavaScript code because it is compiled client side...

 

Move what you consider the most secret onto a server and call its output via APIs if you want to secure the code. Your client side code should be "dumb" and "thin" when you need to hide the details.

  • 0

Haha, yes you could say front end logic. Coming from cakephp MVC background, most of the things like rendering partials, handling routes, and dealing with arguments, etc are all handled by PHP and processed at the server level. But with angular I don't even need a web server and I could create a fully functional application with dummy/local json files.

  On 07/05/2015 at 15:23, Mulrian said:

You mean frontend logic right?

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said, If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names which good, but to be honest if someone is willing enough to try and work it out, they probably will.. .eventually.

This topic is now closed to further replies.
  • Posts

    • Clear Linux is open source, indeed, so its source code is available for anyone. They're just shutting down its support from them, they're not forbidding anyone else from taking over.
    • Linux Mint is also my favorite distro, but I fear what will happen with it if Clem were to disappear tomorrow, to be honest.
    • Yeah, I totally get your point, which is possible it could happen. I just hope there is a few people around him who are similar to where if they took over things would run pretty much the same. if not, then yeah, it could start to decline rapidly etc. but I figure something that's been around for a longer period of time with a decent backing, and probably more users than most Linux distro's (which I would 'imagine' Mint is one of the more used Linux desktop distro's by volume of people who use it), is less likely to just disappear. but like you said, nothing is guaranteed. but I do think you are probably right in that Clem is probably the core of what keeps Mint, Mint. I like how it tends to stay pretty much the same with some slight tweaks here and there (but is largely the same) instead of that crap some people go for with change for the sake of change trying to create a overly fancy interface and other unnecessary stuff etc. I also feel Mint keeps a nice balance of things out-of-the-box where it's not too bloated, nor too striped down. p.s. but I see Mint as a better Ubuntu basically. but I get your point like if it was more of a really serious choice of needing a 'safe bet' to use long term, then yeah something like official Ubuntu would be one of the better choices for sure given what you said with it being backed by an actual company which makes it a safer bet than Mint which is smaller and 'could' potentially be more fragile.
    • It’s in development so hopefully it’s improved upon before release.
    • For the 10th iteration they could have bothered with some design changes rather than just carrying over the 9's
  • Recent Achievements

    • First Post
      leoniDAM earned a badge
      First Post
    • Reacting Well
      Ian_ earned a badge
      Reacting Well
    • One Month Later
      Ian_ earned a badge
      One Month Later
    • Dedicated
      MacDaddyAz earned a badge
      Dedicated
    • Explorer
      cekicen went up a rank
      Explorer
  • Popular Contributors

    1. 1
      +primortal
      506
    2. 2
      ATLien_0
      209
    3. 3
      Michael Scrip
      202
    4. 4
      Xenon
      146
    5. 5
      +FloatingFatMan
      121
  • Tell a friend

    Love Neowin? Tell a friend!