Posted by Jerry Stuckle on 12/18/40 11:49

Dana Cartwright wrote:
> "Roman Ziak" <news12@ziak.com> wrote in message
> news:izWfg.385$Uy1.148@read1.cgocable.net...
>
>>Jerry Stuckle wrote:
>>
>>>Roman Ziak wrote:
>>>
>>>>Jerry Stuckle wrote:
>>>
>>>Javascript code is typically very short - and uncommented (look at pages
>>>on different sites - how many have useful comments anyway?).
>>>
>>>Any decent code tidier will unpack the file into something readable.
>>>
>>>Good variable names do make the code more readable. However, reasonable
>>>variable names can be easily inferred from calls to system functions and
>>>other actions.
>>>
>>>In short, obfusticating javascript code is going to slow down a
>>>programmer maybe 10 minutes. 15 minutes if it's really a big code. The
>>>only people who call it protection are those who sell obfusticators - or
>>>someone who is really clueless.
>>
>>Really ?
>>
>>I'd absolutely love to observe you to understand moderate code size
>>1000+ LOC with autogenerated viariable names in 15 minutes.
>>
>>Actually, I'd love to observe you do that in 2 hours.
>>
>>
>>>And you're going really off the wall. This has nothing to do with
>>>compiled programs. And you don't need to tap directly into an internal
>>>bus.
>>
>>My point of practicality was obviously misunderstood. Nevermind.
>
>
> Ah, I think it was understood. Protection is never absolute; there is
> always a range of protection available, from 0 to 99, perhaps, but never
> 100%. You are quite right that even complied software burned into silicon
> isn't 100% protected.
>
> But Jerry has a point as well, which is that in the world of Javascript on
> web pages, on a scale of 0 to 100, protections probably never get above 10,
> and many of them rate no higher than 5.
>
> If you look at the C obfuscation contests that appear on the web, and try to
> study the source code, you get a feeling for how challenging it can be to
> read carefully obfuscated code. So, Jerry, I think your estimates are low,
> but I agree that JS obfuscation seems pretty pointless. If someone wants to
> steal your code (and if it's worth stealing), spending a day or two in the
> stealing process isn't going to stop anybody. So who cares if it takes 20,
> 30, or even 100 hours to understand it?
>
> -Dana
>
>

Dana,

My point is that javascript code in web pages is normally generally small -
often times no more than a couple of dozen loc. And once you tidy these up, it
becomes very easy to proceed further.

Once in a while you'll see hundreds of loc of javascript - similar to what you
see in the obfusticated C programming contests (which I've followed since the
mid 80's when they were held on Fidonet). And in those cases it does get harder
to read. But again, if things are broken up into shorter functions, it gets
rather easy to read. And in reality - how many pages have hundreds of loc of
javascript with very few functions?




--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]