So far, we have talked about ways to make sure your application works as expected by preventing both the user and outsiders from modifying your source code. But that's not the only threat to your application you need to worry about.
As JavaScript has become popular in standalone and mobile applications, piracy has become a real issue also in this realm.
I'm sure we've all clicked "View Source" to learn how to do a cool new effect or trick, and adapted what we've learned to our websites. That's not what I'm talking about here.
Instead, let's assume you created a popular mobile game in HTML5 and JavaScript. Thanks to JavaScript's portability, you can use the same code on Android, iOS, and other platforms, and reach a larger audience without the extra work from writing native versions for every environment. But there's a problem: anyone can copy your JavaScript code, make a few modifications, and sell it as their own!
The transformations in the previous step help prevent this by making the code hard to read and reverse engineer. In addition to them, Jscrambler adds code traps, functionality that makes the code protect itself.
Let's take a look at some of them.
In Jscrambler, in the list of transformations, you'll find a section titled Code Locks.
 |
Using them, you can limit the execution of your code to a given set of browsers, a time frame (useful for demos that shouldn't be runnable after the preview period is over), on a given domain (usually yours), and a particular operating system.
One more powerful feature for protecting your code is Client-side RASP (Runtime Application Self-Protection). It modifies your JavaScript code, making it defend itself from runtime tampering. For example, the application will stop working if anyone tries to open the debugger.
Finally, in the Optimization section, select Minification to minify the code and make the file smaller.
 |
 |
3. Use Templates to Make Your Work Easier
As we have seen, configuring your protection level by selecting checkboxes one by one is straightforward. But you can still speed up your workflow by grouping your common combinations of transformations into templates.
Once you have found a set of transformations that you'd like to store for future use, click Create Template at the bottom of the Application Settings section.
Jscrambler will prompt you to give your template a name and description.
 |
You can also use one of the templates already available on the Your Templates tab:
 |
4. Make Jscrambler a Part of Your Development Workflow
So far, we have covered some ways in which Jscrambler can help you protect your application using the web UI. While the interface is intuitive, as your application grows, you'll want something more straightforward.
Also, as I mentioned earlier, Jscrambler is polymorphic, generating a different output every time. So, it's useful to run the tool again now and then, even if there are no changes to the specific files.
To do this, let's look at Jscrambler's command-line tool.
First, download and install the command-line tool using npm. On your command line, type:
- sudo npm install -g jscrambler
Notice that to use the command-line tool, you'll need to use an actual application instead of the playground script. So, if you don't have an application yet, create one now.
After selecting the transformations you want to apply, click on the download button at the top right corner of the page. This will download your settings to your computer as a JSON file.
 |
Then, run the jscrambler command to execute the transformations on your JavaScript files.
For example, if you only have one file, test.js, you can run the following command:
- $ jscrambler -c jscrambler.json -o test.protected.js test.js
To run the protection for all JavaScript files in the project directory, you can use something like this:
- $ jscrambler -c jscrambler.json -o protected/ **/*.js
Now, you don't have to go back to Jscrambler's web UI every time you make changes to your JavaScript files. This will make it more likely that you'll remember the step, and thus keep your application secure.
As a further improvement, you could also set up the Jscrambler task to run whenever there are changes in your scripts, for example using Grunt. Or it could even be a task on your continuous integration server, running whenever a new version of the code is committed.
Conclusion
Jscrambler provides cutting-edge tools to make it hard for crackers, cheaters, and malware to inject unwanted functionality to your application or change your application's variables. It also makes it hard for others to copy your code and redistribute it as their own.
Security is a complex field with multiple different threats to consider. So, when your JavaScript code talks to a server, the best solution is to use a combination of server development best practices, robust parameter validation, and a JavaScript security platform such as Jscrambler to make the client tamper-proof. This way, you can prevent most of the attacks against your application's integrity already in the client and make sure your customers get the experience you designed for them to have.
Written by Jarkko Laine
If you found this post interesting, follow and support us.
Suggest for you:
JavaScript for Absolute Beginners
JavaScript For Beginners - Learn JavaScript From Scratch
JavaScript for Beginners
JavaScript Bootcamp - 2016
JavaScript Tutorials: Understanding the Weird Parts
No comments:
Post a Comment