Code Surfing

Taking JavaScript as our example, at the very basic level, it is possible to require that JavaScript is enabled to view the page and then, assuming this is turned on in the browser, disable the right click option to view the menu and hence the option to view the source code. Unfortunately this protection does not allow for the fact that JavaScript could be disabled after having passed the “check to see if it is enabled” check and hence source code could be accessed once more (there are other ways round this too). Therefore this is a very weak level of protection for such scripts but does act as a deterrent for the very light weight code surfer.

Some sites use server side generation of scripts using other programming languages such as PHP or PERL to deliver the script when called upon but again this is very weak as the very nature of the script requires that the script is available to browser in a native fashion and hence is easily readable by using, say, the “Save As” option on a page. This will simply request the page content and place in all in a file, including client-side scripts.

Given the assumption that scripts will always be available to the browser, and therefore the code surfer, in some form, the only real way to protect your script is to make it understandable to the browser, yet very difficult for a human to understand. This can be achieved by writing extremely obtuse code, which takes a great deal of time and effort or by using an obfuscation programme where “JavaScript code will become impossible to understand thus preventing anyone to steal and modify it” Jacob 3 (2010) with the additional benefit that script can be essentially compressed on the page, leading to faster page load times.

In my experience, assuming that your scripts work well they should be documented, a GNU license and copyright stated in the hope that, if used, some credit will be given if not a commission for commercial work. In our commercial dealings we use obfuscation however always in the knowledge that this is only a deterrent but it the best we can currently achieve.

References

Jasob 3 (2010) JacaScript Obfucsation [Online]. Available at http://www.jasob.com/ (Accessed 26 September 2010).