Posted by Roman Ziak on 06/02/06 12:00

Jerry Stuckle wrote:
> universalbitmapper wrote:
>> I'm sorry, my message is not clear.
>>
>> Please check this link and look for Stunnix javascript + obfuscator:
>>
>> http://www.sharewareplaza.com/Java-JavaScript-category_119_12.html
>>
>> the price is 280 $
>>
>> I can't do much with php alone, obviously I need javascript, css, calls
>> to hhtpdrequest,
>> interactivity with MySQL and so on.
>>> From what I gathered, as the browser has to load javascript, the only
>> thing the obfuscator can do
>> is remove explicit variable names, indentation, in order to display
>> garbled-like source in the javascript console.
>> Some obfuscators cost 20$, some have a site licence of 1000$
>> What do you think?
>>
>
> It only "hides" the code from the casual observer. The browser has to be
> able to execute the code, so it's still there in plain sight. Just
> harder to understand.
>

Stripping comments, packing, replacing variable names - every steps
narrows the group of people having the skills and willing to take time.
This group cannot be completely eliminated - even compiled programs are
vulnerable to skilled hacker who will recognize algorithms from machine
code.

Even if code is running in single package CPU without possibility to
read it back, with certain level of effort the plastic package can be
removed and hacker could tap directly into internal bus.

My point is that by taking those above-mentioned steps, the code gets
practical level of protection.

[Back to original message]