Let's say I have to include the following line in my website header:

<script type="text/javascript" language="javascript" src="file.js"></script>

Now anyone can easily visit my-web-site/file.js and view its source. So, I wonder if there is any way I can rename file.js to file.php and still be able to call it and have it work fine, so that no one can view it by visiting my-web-site/file.php.

Any idea?

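douqiang6036 If the JS file contains "personal information", you need to read up on authentication. Your website should already know who it is talking to if it is serving data intended for a specific person.
more than 8 years ago
duanmao9918 Not in the file, sir! Data obtained via AJAX will also be on the client side (actually in the browser's memory), but it disappears when you move to another page (and it is not saved in the user's session). These concepts have to be checked. If the matter is important, it is best to make sure the AJAX request is tied to a valid session...
more than 8 years ago
drui0508 There is really no point in doing this. In practice, anyone who feels compelled to analyze your source will certainly be able to circumvent any "don't request me" approach. Basic rule of thumb: if the browser can access it, so can the user.
more than 8 years ago
dtu36380 The file will have some personal information which I call using ajax!
more than 8 years ago
dousao6260 You need to understand the difference between client-side code and server-side code.
more than 8 years ago
douyin4875 Your JS file will live on the user's PC, so forget about DRM-like concerns; it is better to prepare some good server-side validation on data input. If you want to keep your know-how to yourself, you can obfuscate your JS.
more than 8 years ago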
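
The comments above point at authentication and at tying the AJAX request to a valid session. The sketch below is an added example, not code from the question or from any commenter: a framework-free handler that serves the script to anyone and releases personal data only to the session that owns it. The routes, cookie name `sid`, session ids and profile data are all constructed for illustration.

```javascript
// Added example: all names, routes and sample data below are constructed.
// Public code: anything the browser must execute is readable by the user.
const PUBLIC_SCRIPT = 'fetch("/api/profile").then(r => r.json()).then(console.log);';

// Private data stays on the server, keyed by user id.
const PROFILES = new Map([
  ['alice', { email: 'alice@example.test' }],
  ['bob', { email: 'bob@example.test' }],
]);

// Session store: opaque session id -> user id (fixed sample value here).
const SESSIONS = new Map([['sid-constructed-1', 'alice']]);

// Extract one cookie value from a Cookie request header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Framework-free request handler: takes {method, path, headers} and
// returns {status, headers, body}.
function handle(req) {
  if (req.method !== 'GET') {
    return { status: 405, headers: { Allow: 'GET' }, body: '' };
  }
  if (req.path === '/file.js') {
    // Served to everyone, so no secret belongs in this body.
    return { status: 200, headers: { 'Content-Type': 'text/javascript' }, body: PUBLIC_SCRIPT };
  }
  if (req.path === '/api/profile') {
    const sid = readCookie(req.headers.cookie, 'sid');
    const user = sid === null ? undefined : SESSIONS.get(sid);
    if (user === undefined) {
      return { status: 401, headers: {}, body: '' };
    }
    // Data is selected by the session's user, never by a client-supplied id.
    return {
      status: 200,
      headers: { 'Content-Type': 'application/json', 'Cache-Control': 'no-store' },
      body: JSON.stringify(PROFILES.get(user)),
    };
  }
  return { status: 404, headers: {}, body: '' };
}
```

Renaming `file.js` to `file.php` changes nothing in this picture: the response body the browser executes is the same either way, while the profile data never leaves the server without a valid session.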



About the only thing you could do is to make it difficult to read and understand your JavaScript code.

Check out this post on the YUI blog about Minification and Obfuscation. Minification will have the added benefit of making your script smaller and thus load faster.

Take special note of what the article has to say in its closing paragraph:

Then finally, there is that question of code privacy. This is a lost cause. There is no transformation that will keep a determined hacker from understanding your program. This turns out to be true for all programs in all languages, it is just more obviously true with JavaScript because it is delivered in source form. The privacy benefit provided by obfuscation is an illusion. If you don’t want people to see your programs, unplug your server.

douxuan3095 +1 for that quote - it really is a lost cause, but people will keep asking about it forever.
more than 8 years ago


JavaScript is distributed as source - if your users can't view it, they can't run it - so no, not really.

What you can do, if you are paranoid, is obfuscate and minify (google "minify javascript") the source before deploying.

This is far from bulletproof though (Chrome, for instance, has a very nice pretty printer in its debugging tools).


If you don't want people seeing the contents of your web page (including your JS), don't put it on the internet!

Anyone with a debugger on the client can grab your script no matter how you serve it up to the client.


No, you cannot do this. If a person's browser is able to read your JS file, that person must also be able to read your JS file. That is how the Internet works. This is good and desirable behaviour, and you shouldn't try to keep people from reading the CSS/JS/HTML that composes your website. It is completely self-defeating and serves no purpose. Nobody is interested in stealing your JS code.


No. The JavaScript file is downloaded and executed on the web browser. This means that the user needs to be able to download it.

You can obfuscate it using some kind of obfuscator that makes it a lot harder for people to read, yet keep it functional by the client.
