AJAX - The Complete Reference


PART II


Chapter 7: Security Concerns


end user has the code and if their desire, patience, and skills are high enough, they can
certainly reverse it, steal it, or find any secret contained within.

NOTE Interestingly, because protected JavaScript is admittedly reversible, far too
many critics claim that developers shouldn’t bother protecting it. We hope that these same
individuals avoid locking their car doors or using bicycle locks, as these are also easily
broken by the skillful and intent thief. Security should never be considered absolute and
should always be in proportion to the protected secret or resource.

JavaScript Obfuscation
Obfuscation is a technique of concealing meaning. In JavaScript, obfuscation techniques are
applied so that observers of the code can’t immediately discern technique or function
simply by viewing the source. The first obfuscation technique is quite simple
and you have likely seen it used. Recall, as discussed in the previous chapter, that in order
to improve performance, whitespace can be removed from JavaScript. Removing comments
should be the next step, as those might be of particular interest to a source sifter. This may
also improve the code’s download footprint and make things a bit better in terms of casual
inspection.

However, this is a relatively weak defense as all that is required to make this script
easier to inspect is a pretty printer.
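The following added example (not code from the book) strips comments and whitespace from a constructed sample script, then restores readable layout with a naive pretty printer, showing that the embedded value is still in plain view. The function names and sample are hypothetical; it assumes semicolon-terminated statements and no regex or template literals.

```javascript
// Constructed sample: a script with comments and an embedded "secret".
const SAMPLE = [
  "// TODO: move the API key to the server",
  "function sign(msg) {",
  "  var key = 'k-1234'; /* shared secret */",
  "  var note = 'see http://example.test//docs';",
  "  return msg + ':' + key;",
  "}",
].join("\n");

// Groups: 1 = string literal, 2 = comment, 3 = whitespace, 4 = other code.
// Strings are matched first so comment markers inside them are left alone.
const TOKEN = /("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|(\/\/[^\n]*|\/\*[\s\S]*?\*\/)|(\s+)|([A-Za-z0-9_$]+|\S)/g;

// Return code and string tokens; comments and whitespace only set `gap`.
function tokens(src) {
  const out = [];
  let gap = false;
  for (const m of src.matchAll(TOKEN)) {
    const text = m[1] || m[4];
    if (text === undefined) { gap = true; continue; }
    out.push({ text, isString: Boolean(m[1]), gap });
    gap = false;
  }
  return out;
}

// Remove comments and whitespace, keeping a space only where joining two
// tokens would change meaning (two words, or "+ +" / "- -").
function minify(src) {
  let out = "";
  for (const t of tokens(src)) {
    const a = out.slice(-1), b = t.text[0];
    const words = /[\w$]/.test(a) && /[\w$]/.test(b);
    const glue = t.gap && (words || (a === b && (a === "+" || a === "-")));
    out += (glue ? " " : "") + t.text;
  }
  return out;
}

// Naive pretty printer: break lines after "{" and ";" and before "}".
function pretty(src) {
  let out = "", depth = 0;
  const nl = () => "\n" + "  ".repeat(depth);
  for (const t of tokens(src)) {
    const sym = t.isString ? "" : t.text;
    if (sym === "}") { depth = Math.max(0, depth - 1); out = out.trimEnd() + nl() + "}" + nl(); }
    else if (sym === "{") { depth++; out += " {" + nl(); }
    else out += (t.gap ? " " : "") + t.text + (sym === ";" ? nl() : "");
  }
  return out.trimEnd();
}
```

The comments are gone after `minify`, but `pretty(minify(SAMPLE))` returns an indented five-line function in which the `key` assignment is as easy to spot as in the original.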