Roy Tang

Programmer, engineer, scientist, critic, gamer, dreamer, and kid-at-heart.

Blog Notes Photos Links Archives About

Back story: I’m planning to implement a casual game to be deployed in a webapp, but I don’t want to use Flash, instead just plain Javascript. One benefit of Flash that I would want though is that it distributes a binary and not the source code so it’s easier to protect your code from being reused/stolen by somebody else, or to prevent the client from modifying the code to “cheat” in the game?

So my question is: what are the ways to similarly protect a Javascript application? Am I limited to the usual methods of using a code obfuscator? Will that be enough?

Comments

Downvoter: downvotes are for bad questions, not questions about something you don’t want people to do. There’s nothing technically wrong with this question.
I don’t think it’s going to be particularly possible. As you say, there are obfuscation techniques. But at some point the browser has to be able to see the code to interpret it, which means you have to supply the code to the client.
@Roy Tang - obfuscating is all you can do. Be careful, because some obfuscators do some fairly silly things and can make your code run slower. They also do little to really “protect” your code. If you consider your code or some implementation techniques to be valuable, don’t deliver it as Javascript in a web page.
A code obfuscator is about all you can do. No matter what you do, the executable code will/must be available in the browser.

Use AJAX to have your game verify against server code you control. This is also useful if the game is multi-player in someway. Verification prevents someone from changing the code in order to cheat.

Also Flash is not immune at all from being taken by someone else. People can download the binary and post it wherever they want. And Flash de-compilers do exist and are quite effective.

Sorry, edited: Another concern I have is to prevent “cheating” by people who know Javascript.

Note: I don’t want to know how to obfuscate, i already do. I want to know if there are other options.

Don’t post it on the internet! :)
@Roy Tang: To prevent cheating, the only real option is to have the game engine run server-side and validate all input. Never implicitly trust what the client machine tells you.
Roy, I voted to close this question, but with the wrong duplicate. There are far better answers in How to prevent your Javascripts being stolen, copied, and viewed?
Why, specifically, do you want it to be in JavaScript? You can use node.js to run JavaScript code server-side for the protected stuff and interact with it from client-side JavaScript.
Thanks for all the replies. I’m satisfied that there’s really no way to go further, so I’ll just accept the AJAX answer as that’s what I’ll probably be doing.