What are the methods of protecting JavaScript web applications/games?

Back story: I’m planning to implement a casual game to be deployed in a webapp, but I don’t want to use Flash, instead just plain Javascript. One benefit of Flash that I would want though is that it distributes a binary and not the source code so it’s easier to protect your code from being reused/stolen by somebody else, or to prevent the client from modifying the code to “cheat” in the game?

So my question is: what are the ways to similarly protect a Javascript application? Am I limited to the usual methods of using a code obfuscator? Will that be enough?

Posted by Roy Tang under notes at 28 Jul 2010 7:51pm #javascript #questions #stackoverflow #software development
Also on: stackexchange / 11

Comments

Pointy

2010-07-28 19:55:15

Downvoter: downvotes are for bad questions, not questions about something you don’t want people to do. There’s nothing technically wrong with this question.

David

2010-07-28 19:56:41

I don’t think it’s going to be particularly possible. As you say, there are obfuscation techniques. But at some point the browser has to be able to see the code to interpret it, which means you have to supply the code to the client.

Pointy

2010-07-28 19:57:06

@Roy Tang - obfuscating is all you can do. Be careful, because some obfuscators do some fairly silly things and can make your code run slower. They also do little to really “protect” your code. If you consider your code or some implementation techniques to be valuable, don’t deliver it as Javascript in a web page.

Byron Sommardahl

2010-07-28 19:58:02

A code obfuscator is about all you can do. No matter what you do, the executable code will/must be available in the browser.

Cfreak

2010-07-28 19:58:14

Use AJAX to have your game verify against server code you control. This is also useful if the game is multi-player in someway. Verification prevents someone from changing the code in order to cheat.

Also Flash is not immune at all from being taken by someone else. People can download the binary and post it wherever they want. And Flash de-compilers do exist and are quite effective.

Roy Tang

2010-07-28 19:58:29

Sorry, edited: Another concern I have is to prevent “cheating” by people who know Javascript.

Note: I don’t want to know how to obfuscate, i already do. I want to know if there are other options.

meder omuraliev

2010-07-28 20:02:22

Don’t post it on the internet! :)

David

2010-07-28 20:03:30

@Roy Tang: To prevent cheating, the only real option is to have the game engine run server-side and validate all input. Never implicitly trust what the client machine tells you.

Marcel Korpel

2010-07-28 20:06:56

Roy, I voted to close this question, but with the wrong duplicate. There are far better answers in How to prevent your Javascripts being stolen, copied, and viewed?

David

2010-07-28 20:07:00

Why, specifically, do you want it to be in JavaScript? You can use node.js to run JavaScript code server-side for the protected stuff and interact with it from client-side JavaScript.

Roy Tang

2010-07-28 20:14:05

Thanks for all the replies. I’m satisfied that there’s really no way to go further, so I’ll just accept the AJAX answer as that’s what I’ll probably be doing.

If you enjoyed my content for some reason, I'd love to hear from you! Here are some options:

You can buy me a coffee!
You can write a reply on your own site and submit the URL as a webmention via the form below.
Or you can just contact me!