• 0

Protecting/Hiding AngularJS Codes


Question

Hi,

 

Angular JS has been very useful to me lately and it's amazing how quick it makes web development. I am aware that Javascript isn't compiled, thus your Javascript codes or Angular JS codes are accessible to anyone with a web browser.

 

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc. But how do I protect proprietary codes or algorithm?

 

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

Any thoughts or ideas?

Link to comment
https://www.neowin.net/forum/topic/1255912-protectinghiding-angularjs-codes/
Share on other sites

7 answers to this question

Recommended Posts

  • 0

Run your code through a minifier to produce a .min.js file ?

 

Then use that in your production index.html page and you should be fine.

 

Be aware though of minified javascript code with Angular - you must have specified your dependencies properly otherwise things will break.

 

Plenty of info searching around for that though.

 

Also you dont want to be putting logic into Controllers - they are to be kept as lightweight as possible.

Put the logic into Services as they can be tested much more easily and this promotes code reuse over your application if required.

  • 0

Minify and also uglify your javascript. Search on google for techniques of doing both. It will mangle up your production scripts to where they won't be human readable anymore. Note that you're still not 100% secure that way since you still have working scripts exposed to the client and someone (quite smart with the proper tools) can still reverse engineer your codes to certain extent but for the most part you should be OK.

 

That being said, for very sensitive codes and algorithms it is sometimes best to leave them on the server. That's why as nice as JavaScript frameworks like Angular are, there still will always be the need to have a server in the back-end to perform certain sensitive tasks such as security, authentication and hiding protected algorithms...

  • 0
  On 07/05/2015 at 14:58, roosevelt said:

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc.

 

You mean frontend logic right?

 

  On 07/05/2015 at 14:58, roosevelt said:

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said, If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

 

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names which good, but to be honest if someone is willing enough to try and work it out, they probably will.. .eventually.

  • 0

Minifying and uglyfying isn't gonna work, it's just going to rename the variables and function names but the code stays the same for anyone who want's to steal your code.

 

Front end stuff will always be something users can copy from your website, there's no way to protect yourself against that.

 

That's one of the many reasons why adobe flash was so succesful, it was able to include drm however you liked it.

  • 0

Security through obfuscation isn't security. You can't hide JavaScript code because it is compiled client side...

 

Move what you consider the most secret onto a server and call its output via APIs if you want to secure the code. Your client side code should be "dumb" and "thin" when you need to hide the details.

  • 0

Haha, yes you could say front end logic. Coming from cakephp MVC background, most of the things like rendering partials, handling routes, and dealing with arguments, etc are all handled by PHP and processed at the server level. But with angular I don't even need a web server and I could create a fully functional application with dummy/local json files.

  On 07/05/2015 at 15:23, Mulrian said:

You mean frontend logic right?

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said, If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names which good, but to be honest if someone is willing enough to try and work it out, they probably will.. .eventually.

This topic is now closed to further replies.
  • Posts

    • The Radeon RX 9060 XT is 5% slower than the GeForce RTX 5060 Ti, but the GeForce RTX 5060 Ti is 23% more expensive, at least when comparing MSRPs.
    • I would love to see Musk's face! 🤣🤣🤣
    • I think each AI option has their ups and downs. For Copilot, I find it more personable in how it talks compared to GPT & Gemini. I also appreciate the open ended questions it often provides at the end of its responses to keep the conversation going.
    • Microsoft offers free access to AI video creation with Bing Video Creator by Pradeep Viswanathan Two years ago, Bing Image Creator became one of the first major online services that allowed users to create images from text using OpenAI’s DALL-E model. Today, Microsoft is introducing Bing Video Creator, powered by OpenAI’s Sora, allowing users to create videos with text prompts. Despite announcing Sora last year, OpenAI has not been able to expand its availability to millions of ChatGPT users due to huge AI infrastructure requirements. It is still only available to ChatGPT Pro subscription users, which costs about $200 per month. Recently, Google announced its Veo 3 video generation model, which performs significantly better than OpenAI’s Sora, to all Gemini paid subscribers, making video generation accessible to even Gemini Pro subscribers, which costs just $20 per month. Now, Microsoft is democratizing access to video generation models by making Bing Video Creator free for all Bing users. Bing Video Creator is rolling out today globally (excluding China and Russia) on the Bing Mobile App, and it will be coming soon to the Bing desktop experience within Copilot Search. Bing Video Creator users will have the ability to choose between Fast and Standard generation speeds. Each user will have 10 Fast creations; following that, users can redeem 100 Microsoft Rewards points for each Fast creation or continue with Standard creation speeds. Once you have downloaded the Bing mobile app, here’s how you can access the Video Creator feature: Open Video Creator within the Bing Mobile app by clicking on the menu in the bottom right corner and selecting “Video Creator.” Just type in a text description of the video you want to create in the prompt box. Once the prompt text is ready, just tap “Create.” Or you can also just type directly into the Bing mobile app search bar "Create a video of..." to create a video. You’ll receive a notification when your video is ready to view. If required, you can also download the video or share it via social media or email. You will also have the ability to copy a direct link to the video for easy sharing elsewhere. Microsoft will be storing the generated videos for up to 90 days in your account for easy access later. Microsoft noted that the Bing Video Creator videos are 5 seconds long and can be created only in 9:16 format for now. Microsoft will be adding the 16:9 format soon. When you are waiting for your video to be created, you can also queue up another two videos. Once one of the slots becomes available, you can add another one to the queue. When Bing Video Creator becomes available on desktop, you can visit Bing.com/create for both image and video creation needs.
  • Recent Achievements

    • Week One Done
      Nullun earned a badge
      Week One Done
    • First Post
      sultangris earned a badge
      First Post
    • Reacting Well
      sultangris earned a badge
      Reacting Well
    • First Post
      ClarkB earned a badge
      First Post
    • Week One Done
      Epaminombas earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      150
    2. 2
      ATLien_0
      122
    3. 3
      Xenon
      121
    4. 4
      snowy owl
      99
    5. 5
      +Edouard
      94
  • Tell a friend

    Love Neowin? Tell a friend!