-3

I wanted to know if there is a way to make your JavaScript private from client side?

Faiz Ahmed
  • 11
  • 3
  • That's not duplicate I want to make it invisible not even encrypt it. – Faiz Ahmed May 04 '14 at 05:24
  • http://meta.stackexchange.com/questions/194476/someone-flagged-my-question-as-already-answered-but-its-not – gnat May 04 '14 at 06:48
  • 3
    @FaizAhmed in some sense it is, since (as you see from the only answer) obfuscating is the only option here (and not worth much). You must keep important stuff on the server and make sure that security doesn't depend on params sent from the browser. – thorsten müller May 04 '14 at 09:06

1 Answers1

2

You cannot make client-side javascript private. You can obscure it by running a program that will shorten all the variable names into meaningless names, but by definition if it can be read and executed by a browser, so can it be read by a person.

jfriend00
  • 3,572
  • 27
  • 18
  • So how does node.js works – Faiz Ahmed May 04 '14 at 05:30
  • `node.js` does not run in a browser. It runs on a server or desktop computer somewhere and usually loads scripts locally. Those scripts can be kept locally because they are never served to a browser. – jfriend00 May 04 '14 at 05:31
  • Do you have experience in this technology? – Faiz Ahmed May 04 '14 at 05:33
  • Can you ask a more specific question? I've written javascript for both browser and node.js. – jfriend00 May 04 '14 at 05:34
  • Can node.js be totally replaced by any other server-side language? – Faiz Ahmed May 04 '14 at 05:36
  • And lastly can it be mixed with browser's JavaScript? – Faiz Ahmed May 04 '14 at 05:38
  • 2
    It sounds like you don't understand that node.js runs on the server and the browser javascript runs on the client. You can't mix the two. You can use any server-side language you want (Python, C++, Java, javascript, PHP, etc...). Only javascript runs in the browser. You can make ajax calls from browser to server if you want. – jfriend00 May 04 '14 at 05:41
  • The reason why I'm asking this question is, I wanted to make some functions of jquery and then make some PHP pages that'll interact with mysql databases and when I call the functions like query() that'll send http request via AJAX and ultimately. jQuery will run mysql – Faiz Ahmed May 04 '14 at 05:59
  • But anyone can interact with jQuery from the browser. – Faiz Ahmed May 04 '14 at 06:01
  • Yes, anyone can see your jQuery in the browser. But, it can use Ajax to call server side functions that operate your mysql database. Your server side code can be private, not your client-side code. – jfriend00 May 04 '14 at 06:03
  • Yeah but think anyone will change my query() function's parameter from selection of rows to droping of tables – Faiz Ahmed May 04 '14 at 06:05
  • It's even worse than that. They don't have to change your client-side javascript. They can just issue their own Ajax command to your server. – jfriend00 May 04 '14 at 06:06
  • So it seems that there's no solution of that. I thought node could be what I needed but I was wrong. Right? – Faiz Ahmed May 04 '14 at 06:09
  • node.js has absolutely nothing to do with this. All node.js code can be kept private, just like server-side code in PHP, Java, C#, C++, etc... – jfriend00 May 04 '14 at 06:11
  • What if I keep all the php and HTML pages that have these function password protected. Then I don't even have to worry for people to change your JavaScript or sending http requests without permission. If they try to send any http request they will be redirected to your login page. – Faiz Ahmed May 05 '14 at 09:31
  • If you want to require login for every user of your webpage, this will keep people who don't have the login credentials from using your website. – jfriend00 May 05 '14 at 18:59
  • I'm talking about backend. I'll add these scripts to only backend that will be password protected. – Faiz Ahmed May 07 '14 at 01:52