Let's say I've to include the following line with my website header:
<script type="text/javascript" language="javascript" src="file.js"></script>
Now anyone easily can visit my--web--site/file.js and view its source.
So, I wonder if there any idea I can rename file.js to file.php and still able to call it and works fine, so that no one can view it by visiting my--web--site/file.php.
Any idea?
分享 About the only thing you could do is to make it difficult to read and understand your JavaScript code.
Check out this post on the YUI blog about Minification and Obfuscation. Minification will have the added benfit of making your script smaller and thus load faster.
Take special note of what the article has to say in its closing paragraph:
Then finally, there is that question of code privacy. This is a lost cause. There is no transformation that will keep a determined hacker from understanding your program. This turns out to be true for all programs in all languages, it is just more obviously true with JavaScript because it is delivered in source form. The privacy benefit provided by obfuscation is an illusion. If you don’t want people to see your programs, unplug your server.
分享
