迷惑值得吗?
混淆 Javascript 有意义吗?我能看到的唯一明显的好处是隐藏代码(尽管本质上是非专有的,因为它是客户端的)以防止窥探,并作为最小化器,因为 JavaScript 混淆器通常也会进行最小化。
Does it make sense to obsfucate Javascript? The only clear benefits I can see are to hide code (albeit non-proprietary in nature since it's client-side) from prying eyes and as a minimizer since often Javascript obsfucators do minimization as well.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
我认为 JavaScript 混淆 不值得在大多数一般情况下出于隐藏目的而付出努力。然而,对于许多人来说,缩小是值得的正如您所提到的,原因也有混淆代码的轻微副作用。
I do not think that JavaScript obfuscation is worth the effort for concealment purposes in most general scenarios. However, minification is worth-it, for many reasons, which as you mentioned, has the minor side-effect of obfuscating code as well.
好吧,如果它不是一些尖端的 javascript 代码,不应该轻易复制和重现,并且脚本的字节数不是太大,我就不会打扰。每次需要部署时都进行混淆有点麻烦,而且好处很小。
即脚本不要太大,代码不需保护。
(即使混淆并不能真正保护你的代码,只是让它变得更难理解)
Well, if its not some cutting edge javascript code that should not be easily copied and reproduced, and the script is not too big in bytes, i would not do the bother. Its a bit hassle to do the obfuscating each time you need a deploy, and the benefit is small.
That is, the script is not too big , and code does not to be protected.
(even obfuscation does not really protect your code, just make it abit harder to understand)
我使用过 YUI Builder,我发现它可以大大减少我的 javascript 的大小。因此,混淆的最小化方面本身就非常有用。
在安全性方面,我想你可以采取任何措施来让恶意用户更难弄清楚你的东西是如何工作的,你的情况就越好。
最后,大多数混淆器在遇到写得不好的 javascript 时会给你警告或错误,并且作为一个整体也会提高你的代码质量。
总结一下
缺点:你必须运行混淆器
优点:
I have used the YUI Builder, I find it good for reducing the size of my javascript a great deal. So minimization aspect of the obfuscation is a very useful in itself.
In terms of security, I guess anything you can do to make it harder for malicious user to figure out how your stuff works, the better off you are.
Lastly most obsfuscators will give you warnings or errors when it encounters badly written javascript, and as a whole will improve the quality of your code as well.
So in summary
Cons: You gotta run the obfuscator
Pros:
我认为这不值得,因为任何有足够动力去获取你的代码的人仍然可以获得它。至于最小化,我不介意,因为 gzip 减轻了对此的需要。
I don't think it is worthwhile, because anyone motivated enough to get your code can still get it. As far as minimizing, I don't bother, since gzip mitigates the need for that.
混淆是最小化的副作用。您的变量、函数等被重命名为尽可能短的长度以节省空间。否则,最小化器就只是空白删除器。
虽然即使代码被混淆了,也绝对有可能知道你的代码在做什么,但对于“随意”查看你的代码的人来说,这会困难得多。
Obfuscating is a side effect of minimizing. Your variables, functions, etc. are renamed to the shortest possible length to save space. Otherwise, minimizers would simply be white space removers.
While definitely possible to tell what your code is doing even if it was obfuscated, it will be much harder to someone "casually" looking at your code.
Dojo 库有一个名为 ShrinkSafe 的组件。它会压缩你的 JavaScript 文件,并对代码进行一些混淆。这样,您可以将原始文件保存在某处,然后仅释放通过 ShrinkSafe 运行的文件。
The Dojo library has a component called ShrinkSafe. It will compress your JavaScript file and will obfuscate the code some. This way, you can keep the originals somewhere and then release only the ones ran through ShrinkSafe.