• 0

Protecting/Hiding AngularJS Codes


Question

Hi,

 

Angular JS has been very useful to me lately and it's amazing how quick it makes web development. I am aware that Javascript isn't compiled, thus your Javascript codes or Angular JS codes are accessible to anyone with a web browser.

 

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc. But how do I protect proprietary codes or algorithm?

 

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

Any thoughts or ideas?

Link to comment
https://www.neowin.net/forum/topic/1255912-protectinghiding-angularjs-codes/
Share on other sites

7 answers to this question

Recommended Posts

  • 0

Run your code through a minifier to produce a .min.js file ?

 

Then use that in your production index.html page and you should be fine.

 

Be aware though of minified javascript code with Angular - you must have specified your dependencies properly otherwise things will break.

 

Plenty of info searching around for that though.

 

Also you dont want to be putting logic into Controllers - they are to be kept as lightweight as possible.

Put the logic into Services as they can be tested much more easily and this promotes code reuse over your application if required.

  • 0

Minify and also uglify your javascript. Search on google for techniques of doing both. It will mangle up your production scripts to where they won't be human readable anymore. Note that you're still not 100% secure that way since you still have working scripts exposed to the client and someone (quite smart with the proper tools) can still reverse engineer your codes to certain extent but for the most part you should be OK.

 

That being said, for very sensitive codes and algorithms it is sometimes best to leave them on the server. That's why as nice as JavaScript frameworks like Angular are, there still will always be the need to have a server in the back-end to perform certain sensitive tasks such as security, authentication and hiding protected algorithms...

  • 0
  On 07/05/2015 at 14:58, roosevelt said:

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc.

 

You mean frontend logic right?

 

  On 07/05/2015 at 14:58, roosevelt said:

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said, If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

 

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names which good, but to be honest if someone is willing enough to try and work it out, they probably will.. .eventually.

  • 0

Minifying and uglyfying isn't gonna work, it's just going to rename the variables and function names but the code stays the same for anyone who want's to steal your code.

 

Front end stuff will always be something users can copy from your website, there's no way to protect yourself against that.

 

That's one of the many reasons why adobe flash was so succesful, it was able to include drm however you liked it.

  • 0

Security through obfuscation isn't security. You can't hide JavaScript code because it is compiled client side...

 

Move what you consider the most secret onto a server and call its output via APIs if you want to secure the code. Your client side code should be "dumb" and "thin" when you need to hide the details.

  • 0

Haha, yes you could say front end logic. Coming from cakephp MVC background, most of the things like rendering partials, handling routes, and dealing with arguments, etc are all handled by PHP and processed at the server level. But with angular I don't even need a web server and I could create a fully functional application with dummy/local json files.

  On 07/05/2015 at 15:23, Mulrian said:

You mean frontend logic right?

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said, If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names which good, but to be honest if someone is willing enough to try and work it out, they probably will.. .eventually.

This topic is now closed to further replies.
  • Posts

    • I really miss adding folders as toolbars to the task bar. It was my major productivity loss.
    • This will just encourage China to take over Taiwan.
    • Microsoft locks Windows 11 user out, shows how easy losing data from forced encryption is by Sayan Sen Back in March earlier this year, a new redesigned Microsoft Account sign-in was released with the intention to make it "more modern, simple, and secure." Microsoft also probably hopes that the revamp will help win some hearts since many dislike the Microsoft Account (MSA) quite a bit as they are forced to use the service during Windows 11 installation. Yes, signing in to the MSA is one of the several system requirements for Windows 11, and it is also the recommended way and it clearly does not like it when users opt for a Local account instead. Microsoft often highlights the benefits of an MSA as it points out the unified access users get across devices and services like Windows, Office, OneDrive, and Xbox, which can help in synchronization of files and settings for convenience. A Microsoft Account also stores the BitLocker encryption key which is crucial thing that all users who have encryption need to store securely. Back in May this year, we covered reports of users losing their data as a consequence of BitLocker key loss, and this is a real danger for many, given that Microsoft now enables automatic BitLocker encryption on Windows 11 24H2, that most users won't even be aware of. So in the case of loss of access to a Microsoft Account, an affected user can suddenly find that they have lost all their data and there may be no way to recover it according to Microsoft's terms. Such account lock-outs can happen as a Reddit user deus03690 found out. The frustrated user claims that Microsoft apparently "randomly" locked their account when they were dealing with multiple data drives. They explain: The user has good reason to be annoyed and frustrated at this, Microsoft's own official guidance about the Account lock says: "If you tried to sign in to your account and received a message that it's been locked, it's because activity associated with your account might violate our Terms of Use." The Terms of Use for MSA explain how Microsoft deals with a closed account. It states: Thus, this shows how users can be pretty much helpless if they get locked out of MSA or lose access to it. It also shows how over-reliance on cloud services on Windows 11, something which LibreOffice recently pointed out, can lead to additional data nightmares like losing all of your data due to forced BitLocker encryption that you may not even be aware of was there in the first place. The solution? Consider keeping your important data backed up locally on internal or external HDDs and SSDs or NAS solution, as only cloud storage is probably not the best decision.
  • Recent Achievements

    • Week One Done
      rozermack875 earned a badge
      Week One Done
    • Week One Done
      oneworldtechnologies earned a badge
      Week One Done
    • Veteran
      matthiew went up a rank
      Veteran
    • Enthusiast
      Motoman26 went up a rank
      Enthusiast
    • Mentor
      M. Murcek went up a rank
      Mentor
  • Popular Contributors

    1. 1
      +primortal
      675
    2. 2
      ATLien_0
      264
    3. 3
      Michael Scrip
      184
    4. 4
      +FloatingFatMan
      177
    5. 5
      Steven P.
      140
  • Tell a friend

    Love Neowin? Tell a friend!