
Protecting/Hiding AngularJS Codes


Question

Hi,

 

AngularJS has been very useful to me lately and it's amazing how quick it makes web development. I am aware that JavaScript isn't compiled, thus your JavaScript codes or AngularJS codes are accessible to anyone with a web browser.

 

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc. But how do I protect proprietary code or algorithms?

 

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

Any thoughts or ideas?


7 answers to this question


  • 0

Run your code through a minifier to produce a .min.js file?

 

Then use that in your production index.html page and you should be fine.

 

Be aware though of minified JavaScript code with Angular - you must have specified your dependencies properly, otherwise things will break.

 

Plenty of info searching around for that though.

 

Also, you don't want to be putting logic into Controllers - they are to be kept as lightweight as possible.

Put the logic into Services as they can be tested much more easily and this promotes code reuse over your application if required.
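Why minification breaks dependencies that are not declared explicitly, as an added example that is not part of the original post: AngularJS can infer dependencies from a function's parameter names, and a minifier renames those parameters. The `invoke` function, the `services` registry and the sample controllers are hypothetical stand-ins for illustration, not AngularJS's own code.

```javascript
// Added illustration: a simplified stand-in for an AngularJS-style injector.
const services = { $http: { name: '$http' }, priceService: { name: 'priceService' } };

// Implicit annotation: read dependency names from the function's source text.
function paramNames(fn) {
  const m = fn.toString().match(/^[^(]*\(\s*([^)]*)\)/);
  return m ? m[1].split(',').map(s => s.trim()).filter(Boolean) : [];
}

// An inline array annotation wins, then a $inject property, then parameter names.
function invoke(target) {
  let fn = target;
  let names;
  if (Array.isArray(target)) {
    fn = target[target.length - 1];
    names = target.slice(0, -1);
  } else {
    names = target.$inject || paramNames(target);
  }
  const deps = names.map(function (n) {
    if (!Object.prototype.hasOwnProperty.call(services, n)) {
      throw new Error('Unknown provider: ' + n);
    }
    return services[n];
  });
  return fn.apply(null, deps);
}

// Constructed samples: one controller before and after a minifier renamed its parameters.
const original = function ($http, priceService) { return [$http.name, priceService.name]; };
const minified = function (a, b) { return [a.name, b.name]; };
const minifiedAnnotated = ['$http', 'priceService', function (a, b) { return [a.name, b.name]; }];

// Returns the resolved dependency names, or the injector's error message.
function tryInvoke(target) {
  try { return invoke(target).join(','); } catch (e) { return e.message; }
}

console.log(tryInvoke(original));          // resolves by parameter name
console.log(tryInvoke(minified));          // fails: "a" is not a registered service
console.log(tryInvoke(minifiedAnnotated)); // resolves: string names survive minification
```
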

  • 0

Minify and also uglify your JavaScript. Search on Google for techniques of doing both. It will mangle up your production scripts to where they won't be human readable anymore. Note that you're still not 100% secure that way since you still have working scripts exposed to the client and someone (quite smart with the proper tools) can still reverse engineer your codes to a certain extent but for the most part you should be OK.

 

That being said, for very sensitive codes and algorithms it is sometimes best to leave them on the server. That's why as nice as JavaScript frameworks like Angular are, there still will always be the need to have a server in the back-end to perform certain sensitive tasks such as security, authentication and hiding protected algorithms...

  • 0
  On 07/05/2015 at 14:58, roosevelt said:

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc.

 

You mean frontend logic, right?

 

  On 07/05/2015 at 14:58, roosevelt said:

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said. If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

 

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names, which is good, but to be honest if someone is willing enough to try and work it out, they probably will... eventually.

  • 0

Minifying and uglifying isn't gonna work, it's just going to rename the variables and function names but the code stays the same for anyone who wants to steal your code.

 

Front end stuff will always be something users can copy from your website, there's no way to protect yourself against that.

 

That's one of the many reasons why Adobe Flash was so successful, it was able to include DRM however you liked it.

  • 0

Security through obfuscation isn't security. You can't hide JavaScript code because it is compiled client side...

 

Move what you consider the most secret onto a server and call its output via APIs if you want to secure the code. Your client side code should be "dumb" and "thin" when you need to hide the details.
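The "thin client, logic on the server" split described above, as an added example that is not part of the original post: the calculation and its constants exist only in server-side JavaScript, and the handler treats the request body as untrusted input. `proprietaryQuote`, `SECRET_WEIGHTS`, `handleQuoteRequest` and the `/api/quote` route are hypothetical names, and the pricing formula is a constructed stand-in for whatever algorithm is being protected.

```javascript
// Added illustration (hypothetical names): server-side code only, never bundled
// into the scripts served to the browser.

// Stand-in for the protected algorithm. These constants never reach the client.
const SECRET_WEIGHTS = Object.freeze({ base: 12.5, perUnit: 1.75, rushFactor: 1.4 });

function proprietaryQuote(units, rush) {
  const price = SECRET_WEIGHTS.base + units * SECRET_WEIGHTS.perUnit;
  return Math.round((rush ? price * SECRET_WEIGHTS.rushFactor : price) * 100) / 100;
}

// Framework-agnostic handler: takes the raw request body sent by the client and
// returns the HTTP status and JSON body to send back.
function handleQuoteRequest(rawBody) {
  const reply = (status, obj) => ({ status: status, body: JSON.stringify(obj) });
  if (typeof rawBody !== 'string') return reply(400, { error: 'invalid request' });
  if (rawBody.length > 1024) return reply(413, { error: 'request too large' });

  let input;
  try {
    input = JSON.parse(rawBody);
  } catch (e) {
    return reply(400, { error: 'invalid JSON' });
  }

  // Validate types and ranges: anything from the browser can be edited by its user.
  const valid = input !== null && typeof input === 'object' &&
    Number.isInteger(input.units) && input.units >= 1 && input.units <= 10000 &&
    typeof input.rush === 'boolean';
  if (!valid) return reply(400, { error: 'invalid input' });

  // Only the result crosses the trust boundary, not the weights or intermediate values.
  return reply(200, { quote: proprietaryQuote(input.units, input.rush) });
}

// The AngularJS side stays thin (shown as a comment; the route is hypothetical):
//   $http.post('/api/quote', { units: 10, rush: true })
//     .then(function (res) { vm.quote = res.data.quote; });

// Constructed sample request, as the client above would send it.
console.log(handleQuoteRequest('{"units":10,"rush":true}'));
```
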

  • 0

Haha, yes you could say front end logic. Coming from a CakePHP MVC background, most of the things like rendering partials, handling routes, and dealing with arguments, etc. are all handled by PHP and processed at the server level. But with Angular I don't even need a web server and I could create a fully functional application with dummy/local JSON files.

  On 07/05/2015 at 15:23, Mulrian said:

You mean frontend logic, right?

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said. If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names, which is good, but to be honest if someone is willing enough to try and work it out, they probably will... eventually.

This topic is now closed to further replies.