Hacker News new | past | comments | ask | show | jobs | submit login
How to protect your front end JavaScript logic from being copied by competitors?
8 points by blyce on Jan 23, 2015 | hide | past | favorite | 7 comments
Hi,

I'm wondering how I can effectly protect my JS logic inside the frontend from being copied by any of our competitors.

Is there any good pratice aside from uglifying?




Having written a commercial obfuscator, I can assure you that there actually is no way. Encrypting or obfuscating your client code won't prevent it from being stolen, analyzed or even "reused" by other people. Just live with the fact that if your software gets popular enough, your client code will be copied or modified.

The only way to secure your product is to make the client depend on algorithms running on your server. That's also the reason why most popular computer games are becoming "online only" recently.


No, there's no way. Remember that the javascript is just sending instructions to the browser. If the browser can understand those instructions, then so can anyone else. You can obfuscate it, uglify it, but it's not going to help you much.

That being said, if you're willing to change up your design pattern a bit, and push more logic to the server you can get your js down two a much thinner client and handle your business-logic away from prying eyes.

But IMHO, reverse-engineering a product is very easy for the vast majority of cases, even if you can't see the code. So they're going to figure out a way to copy you regardless. There are only a handful of companies left who are doing something that others have a significantly hard-time reverse-engineering. Your codebase is valuable of course, but it's rarely a meaningful competitive-edge.


Uglify it and don't worry about it. Concentrate on being better than your competitors.


I uglify my code to cut down file size and not because I worry about protecting my code from copying because very few applications really contain something novel enough that a motivated person couldn't copy you even without access to code. Instead, focus on providing better value to your customers. If you do have some novel piece of functionality that you absolutely must protect, implement it on the server.


The only way which is at all effective is to move the sensitive bits of functionality onto your servers, away from prying eyes.

You're going to have to concede some parts of your app to public scrutiny; if a JavaScript interpreter can understand it, so can savvy humans. Don't waste too much time pushing that particular stone up the hill, it will only roll down again.


Disable the console.


This does not stop them from viewing the source of the page.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: