"centaur" <pe************@hotmail.com> writes:
I am now seeking tools on javascript obfuscation.
.... I need to encrypt several js and jsp files using javascript.
(If I'm not mistaken, jsp stands for Java Server Pages, and is a
server side thing. No reason to obfuscate them at all.)
*Why* do you think you need to obfuscate (which is *not* encryption)
Javascript?
You are talking about security - secrecy in particular. Before taking
any security measure, one should construct a threat model:
What are you trying to prevent?
Who are you trying to prevent from it?
What are their capabilities?
What will it cost you if the security fails?
When you have determined yor security needs, you can evaluate a given
security measure (e.g., obfuscating Javascript) to see how it helps
you counter the threats, *and* whether it is worth it.
If not an open source, which other obfuscator you will recommend ?
None. The way web pages work is such that anything worth protecting
should not be published. If anybody can have any significant gain from
getting access to your code, then they *can* get access cheap enough
to make it worth it. Adding obfuscation won't cost them enough to stop
them, unless the gain is so insignificant that you shouldn't care
either.
In security, it is widely accepted that security through obscurity is
false security. In other settings, obscurity can *add* an extra layer
of defense on an otherwise secured attack path, and a delay there
might help you respond before the protection is breached in depth.
For a web page that is downloaded and manipulated off-line, extra
delay means fairly little. Also, since the browser must be able to
read the scripts without interaction, there is no way to implement
security in depth, so the obfuscation becomes the only security
measure. It is simply not the right tool for that. Sadly, that means
that there isn't any.
/L
--
Lasse Reichstein Nielsen -
lr*@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
'Faith without judgement merely degrades the spirit divine.'