• 0

Protecting/Hiding AngularJS Codes


Question

Hi,

 

Angular JS has been very useful to me lately and it's amazing how quick it makes web development. I am aware that Javascript isn't compiled, thus your Javascript codes or Angular JS codes are accessible to anyone with a web browser.

 

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc. But how do I protect proprietary codes or algorithm?

 

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

Any thoughts or ideas?

Link to comment
https://www.neowin.net/forum/topic/1255912-protectinghiding-angularjs-codes/
Share on other sites

7 answers to this question

Recommended Posts

  • 0

Run your code through a minifier to produce a .min.js file ?

 

Then use that in your production index.html page and you should be fine.

 

Be aware though of minified javascript code with Angular - you must have specified your dependencies properly otherwise things will break.

 

Plenty of info searching around for that though.

 

Also you dont want to be putting logic into Controllers - they are to be kept as lightweight as possible.

Put the logic into Services as they can be tested much more easily and this promotes code reuse over your application if required.

  • 0

Minify and also uglify your javascript. Search on google for techniques of doing both. It will mangle up your production scripts to where they won't be human readable anymore. Note that you're still not 100% secure that way since you still have working scripts exposed to the client and someone (quite smart with the proper tools) can still reverse engineer your codes to certain extent but for the most part you should be OK.

 

That being said, for very sensitive codes and algorithms it is sometimes best to leave them on the server. That's why as nice as JavaScript frameworks like Angular are, there still will always be the need to have a server in the back-end to perform certain sensitive tasks such as security, authentication and hiding protected algorithms...

  • 0
  On 07/05/2015 at 14:58, roosevelt said:

I really like how Angular works and actually love the fact that I can program most of my backend logic within Angular controllers, etc.

 

You mean frontend logic right?

 

  On 07/05/2015 at 14:58, roosevelt said:

Currently, I'm making AJAX calls to a C++ binary/exe file to carry out a specific operation. This helps me protect the algorithm but I would love to compile the JS code to binary and no longer depend on C++, etc.

 

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said, If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

 

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names which good, but to be honest if someone is willing enough to try and work it out, they probably will.. .eventually.

  • 0

Minifying and uglyfying isn't gonna work, it's just going to rename the variables and function names but the code stays the same for anyone who want's to steal your code.

 

Front end stuff will always be something users can copy from your website, there's no way to protect yourself against that.

 

That's one of the many reasons why adobe flash was so succesful, it was able to include drm however you liked it.

  • 0

Security through obfuscation isn't security. You can't hide JavaScript code because it is compiled client side...

 

Move what you consider the most secret onto a server and call its output via APIs if you want to secure the code. Your client side code should be "dumb" and "thin" when you need to hide the details.

  • 0

Haha, yes you could say front end logic. Coming from cakephp MVC background, most of the things like rendering partials, handling routes, and dealing with arguments, etc are all handled by PHP and processed at the server level. But with angular I don't even need a web server and I could create a fully functional application with dummy/local json files.

  On 07/05/2015 at 15:23, Mulrian said:

You mean frontend logic right?

There is not really a whole lot you can do with your JS, but to be honest I don't really see why it would be a problem anyway. I agree with what the others have said, If you have some new super amazing algorithm, chances are you only need to be using it on the backend anyways where this isn't a problem.

The only thing you can really do with JS is run it through a minifier which will mash up the formatting and naming of everything. It will look pretty unreadable to most people but that doesn't stop anyone from simply running it through a formatter (there is a pretty print function in Chrome's Developer tools) and things suddenly get a lot more readable. You don't get the variable names which good, but to be honest if someone is willing enough to try and work it out, they probably will.. .eventually.

This topic is now closed to further replies.
  • Posts

    • "Let's antagonize them more so they'll be less likely to invade us" Good logic there.
    • Samsung One UI 8 Watch beta program goes live in Korea and the U.S, for eligible devices by Sagar Naresh Bhavsar After launching the Android 16-based One UI 8 beta program for the Galaxy S25 series, Samsung has also kicked off the One UI 8 Watch beta program for eligible Galaxy smartwatches. Notably, the beta program is live for Galaxy Watch users in the U.S. and Korea through the Samsung Members app. The new One UI 8 Watch introduces a bunch of new health features, which Samsung says are to "help users build healthier habits." New features include Bedtime Guidance, Vascular Load, Running Coach, and Antioxidant Index. Here's what each feature does: Bedtime Guidance It recommends Galaxy Watch users the best time they can get a good sleep based on their recent sleep patterns. This feature could be helpful for those who have a hard time having a good asleep. To recommend the best sleep patterns, the Bedtime Guidance uses sleep data from the past three days and analyzes metrics such as sleep pressure and circadian rhythm. Sleeping on the recommended time may help users recover from irregular schedules and sleep patterns. Vascular Load Using this feature, the One UI 8 Watch-powered Galaxy smartwatches will measure the amount of stress your heart and blood vessels experience during sleep. It is one of the key indicators of heart health, because if the vascular load shows excessive fluctuations, then it could be an indicator of an underlying cardiovascular issue. Running Coach Samsung has also added a Running Coach feature with the One UI 8 Watch. It gives users a personalized running program based on their fitness levels. The user needs to run for 12 minutes for the Galaxy Watch to register and analyze certain metrics and present a performance score. Based on the score, the Running Coach will present a tailored plan to help them safely reach and work up to marathon levels. Antioxidant Index The Antioxidant Index measures the carotenoid levels, which are antioxidants found inside green and orange fruits and vegetables that are inside your skin, meant to fight aging and cell damage. With One UI 8 Watch, the Galaxy Watch will make use of a light-based sensor to scan the skin and, in five seconds, will show a report on how their eating habits are paying off. Eligible devices Beta program is available for owners of Galaxy Watch5 or later in the U.S. and South Korea. However, not all features will be available on all supported Galaxy Watch models. Here are the details: Bedtime Guidance: Available on Galaxy Watch5 series or later, requires Android phone running Android 11 or later and Samsung Health app v6.30.2 or later. Vascular Load: Supported on Galaxy Watch Ultra or later, requires Android 10 or later, and Samsung Health app v6.30.2 or later. Running Coach: Requires Galaxy Watch7 or later, Android 10 or later, and Samsung Health app v6.30.2 or later. Antioxidant Index: Supported on Galaxy Watch Ultra or later, Android 10 or later, and Samsung Health app v6.30.2 or later. How to join beta program If you own a Galaxy Watch5 series or later model, then you can head over to the Samsung Members app > navigate to the bottom of the page > tap on the Watch Beta poster > and enroll for the beta prorgam. Do note that their are limited seats available.
    • I disabled the optical camera in device manager.. leaving only the IR. This has fixed the issue for me...but only because I never use the optical camera. After each monthly update re-enable the optical just to see if it's fixed...but nope! It's annoying though how this issue hasn't been acknowledged by Microsoft.
    • Linux is a different kettle of fish to macOS and Windows, if it ran the software I required, I may have looked at it, instead of the Mac, also the Mac is a pretty powerful machine that uses less energy than x86 machines. I never in my widest dreams thought I would ever buy a Mac, the price and restrictions of the hardware, I always liked machines that I could update internally, one reason why I never liked laptops. But here I am, a nice little Mac mini M2 pro. I doubt i will replace it for a long time, if I ever do, it does what I need.
    • 106 years ago! A comic strip from 1919 predicted — eerily and accurately — what would happen if our phones fit into our pockets.  W. K. Haselden’s ‘The Pocket Telephone: When Will it Ring?’ was published in “The Mirror” when barely 1/3rd of American homes even had telephones. (A double irony: most of us are viewing this on our “pocket phones”.)
  • Recent Achievements

    • Week One Done
      patrickft456 earned a badge
      Week One Done
    • One Month Later
      patrickft456 earned a badge
      One Month Later
    • One Month Later
      Jdoe25 earned a badge
      One Month Later
    • Explorer
      Legend20 went up a rank
      Explorer
    • One Month Later
      jezzzy earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      640
    2. 2
      ATLien_0
      277
    3. 3
      +FloatingFatMan
      172
    4. 4
      Michael Scrip
      156
    5. 5
      Steven P.
      132
  • Tell a friend

    Love Neowin? Tell a friend!