PHP Scripts that will encrypt javascript

jphilapy

Does anyone know of any PHP Scripts that will encrypt javascript?

Jeff

batman

You can encrypt javascript in any php script.

echo "<script language=\"javascript\">";
echo "whatever javascript you want in here";
echo "</script>";

-Blake

Mordecai

Originally posted by batman
You can encrypt javascript in any php script...

Well, that's not encrypting it, that's just echoing it out.

You could always put all the javascript in a variable:
$javascript = "javascript here";

and then encrypt it using some of PHP's encrypting tools:
crypt($javascript); // one-way hashing
md5($javascript); // one-way MD5 hashing (there's a post floating around about the faulty use of MD5, check it out)
base64_encode($javascript); // base64 encoding (you can use base64_decode() to decode it)

Also, check out the Mcrypt encryption functions.

laserlight

That isnt likely to work, since the JS code will need to be decrypted in order for the browser to execute it.

batman

I wasn't sure what he meant by encrypt.

If you say what your trying to do exactly, it will lead you to a lot more possible answers.

-Blake

jphilapy

Hi folks,

I discovered this library which does what I need it to:

http://www.blueroot.net/index2.php
http://pear.php.net/package-info.php?pacid=112

And yeah you can encrypt and decrypt javascrypt in the browser and still run it. When the user looks at the code they will see encrypted javascrpt.

However it is very easy to decrypt but that doesn't matter because it is just one more step to making content theft a difficult task. The more locks and blocks the higher the cost for the one grabbing your content.

Jeff

laserlight

it also tends to mean that it is more difficult to maintain your website.

as you noted, it is easy to decrypt, precisely because the encryption is weak to begin with, and the algorithm is right out in the open for decryption to work.

jphilapy

Sometimes that is true but not in this case. I mean you can automate the encryption of pages. Besides I don't believe that encrypted pages are search engine friendly so it would probably be best to be selective about what you do or don't encrypt.

Then there is the cost factor: If protecting your content is worth more than the time it takes you to protect it then there isn't an issue.

Jeff

cyclops

"securing" javascript is the same as locking your bike with a tie-wrap
do not do it ! it is tiresome and not secure.
also called security through obscurity

laserlight

jphilapy's point is that "that doesn't matter because it is just one more step to making content theft a difficult task. The more locks and blocks the higher the cost for the one grabbing your content"

which I find to be quite true, since even strong encryption (excluding OTP) can be broken, it's just a matter of time and effort, and whether the material is worth the time and effort.

of course in the case of such encryption there is also the factor of how useful the material will be by the time it is decrypted, but the idea is there.

tsinka

Hi,

I think there might be a better approach to prevent users from seing the script source.

Put it in a .js file and insert

into your HTML code. If you have the rights to edit the configuration of your webserver you can then configure it to prevent direct requests to .js files. The server would still allow the scripts to be loaded with the code above but you cannot get them by requesting e.g. http://www.theserver.com/scripts/myscripts.js.

If the server is running apache and you don't have access to the configuration because it is a hoster you might get around that by placing a .htaccess into your Document Root that adjusts that settings on the web server.

This would be much more painless than encrypting the whole javascript code.

jphilapy

I have thought about that but I have not quite figured out how to do it. I mean any request to that file via the browser should be interepreted the same right?

Have you done it? What do I put into my htaccess file?

BTW: I have my own server so I have full access.

Jeff