kaasis, posted May 30, 2017:

Hello! I recently started working on a game which is based on socket.io to make a multiplayer game. But the thing is that all client side code is available for anyone to read by just inspecting the source. Are there ways to encrypt that code as much as possible? I see Phaser doing the same thing when building their product into a .js file, it's just a ton of text which is unreadable by the human eye, I wanna know how I can do what Phaser does.

Jammy, posted May 30, 2017:

@kaasis You can minify and uglify with tools like UglifyJS https://github.com/mishoo/UglifyJS2

And you can obfuscate but it may impact performance more. https://github.com/javascript-obfuscator/javascript-obfuscator

It's worth researching minification, uglification and obfuscation.

kaasis (author), posted May 31, 2017:

6 hours ago, Jammy said:
> @kaasis You can minify and uglify with tools like UglifyJS https://github.com/mishoo/UglifyJS2
> And you can obfuscate but it may impact performance more. https://github.com/javascript-obfuscator/javascript-obfuscator
> It's worth researching minification, uglification and obfuscation.

How about UglifyJS2 security? Like is it hard to decrypt it? Also, I did research this type of stuff previously but didn't find a really good solution.

FakeWizard, posted May 31, 2017:

Your code will always be accessible to the client; neither obfuscating nor uglifying prevents users from altering/tampering with your code. The uglifying, in fact, only slows down the process of understanding your code. Therefore, instead of spending too much time on encrypting the code on the client side, you should work on the backend code to ensure the data from the client are accurate.

Nesh108, posted May 31, 2017:

@kaasis JavaScript and frontend are a special beast. If you need security on your frontend, that means you are not doing the correct thing.

Imagine you are the bank (backend) and the user is a customer of such a bank (frontend): you allow them to fill in forms, withdraw money and even cash in checks, but they absolutely need to go through YOUR people. Would you put a fully unconstrained ATM behind a locked door? No, you would double-check every action and transaction before, during and after they have been executed and keep track of any inconsistencies.

On the other hand, if you are talking about security in terms of "people not stealing your code", as has already been said, you can minify, uglify and obfuscate to basically make any attacker spend more time trying to undo those actions than writing the whole thing altogether.
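
The backend checking that FakeWizard and Nesh108 describe, as an added example that is not part of the thread or of any poster's code: a server-side validator for a client "move" message that checks type, map bounds and speed, and counts inconsistencies. The `{x, y}` message shape, the constants and the function names are assumptions made for illustration.

```javascript
// Added example: every constant and the {x, y} message shape are assumptions.
const MAX_SPEED = 200;   // world units per second a legitimate client can move
const MAX_DT = 0.25;     // seconds; caps the budget so idle time cannot be banked
const WORLD = { w: 800, h: 600 };
const MAX_STRIKES = 3;   // rejected messages tolerated before disconnecting

function newPlayer(x, y, now) {
  return { x, y, lastMove: now, strikes: 0 };
}

// Validate one client "move" message against server-held state.
// The player record changes position only when the move is accepted.
function applyMove(player, msg, now) {
  const reject = (reason) => {
    player.strikes += 1;                       // keep track of inconsistencies
    return { ok: false, reason, kick: player.strikes >= MAX_STRIKES };
  };
  // 1. Shape and type: no coercion, so "120", NaN and Infinity all fail.
  if (msg === null || typeof msg !== 'object') return reject('malformed');
  const { x, y } = msg;
  if (!Number.isFinite(x) || !Number.isFinite(y)) return reject('malformed');
  // 2. World bounds.
  if (x < 0 || y < 0 || x > WORLD.w || y > WORLD.h) return reject('out-of-bounds');
  // 3. Speed: distance must fit the time elapsed on the server's clock.
  const dt = Math.min(Math.max((now - player.lastMove) / 1000, 0), MAX_DT);
  const dist = Math.hypot(x - player.x, y - player.y);
  if (dist > MAX_SPEED * dt) return reject('too-fast');
  player.x = x; player.y = y; player.lastMove = now;
  return { ok: true, reason: null, kick: false };
}

// Constructed sample traffic: timestamps in ms, one honest move, three bad ones.
function runDemo() {
  const p = newPlayer(100, 100, 0);
  const results = [
    applyMove(p, { x: 110, y: 100 }, 100),    // 10 units in 0.1 s
    applyMove(p, { x: 500, y: 100 }, 200),    // teleport
    applyMove(p, { x: '120', y: 100 }, 300),  // string instead of number
    applyMove(p, { x: -5, y: 100 }, 400),     // outside the map
  ];
  return { results, player: p };
}

// Wiring sketch for a socket.io server (not run here):
//   socket.on('move', (msg) => {
//     const r = applyMove(player, msg, Date.now());
//     if (r.kick) socket.disconnect(true);
//   });
```

Because the checks read only server-held state and the server's clock, they hold no matter how the client script was minified, obfuscated or modified.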

kaasis (author), posted May 31, 2017:

5 hours ago, Nesh108 said:
> @kaasis JavaScript and frontend are a special beast. If you need security on your frontend, that means you are not doing the correct thing.
> Imagine you are the bank (backend) and the user is a customer of such a bank (frontend): you allow them to fill in forms, withdraw money and even cash in checks, but they absolutely need to go through YOUR people. Would you put a fully unconstrained ATM behind a locked door? No, you would double-check every action and transaction before, during and after they have been executed and keep track of any inconsistencies.
> On the other hand, if you are talking about security in terms of "people not stealing your code", as has already been said, you can minify, uglify and obfuscate to basically make any attacker spend more time trying to undo those actions than writing the whole thing altogether.

I mean, I understand it already. All the calculations need to be done on the server (which I already have, so far). But how about the game itself? That's why I want to hide the code at least a bit so it's not that you can steal the game code with copy/paste. I'm gonna take a deeper look at uglifying and obfuscating code. Thanks guys for the answers!

Sturb, posted May 31, 2017:

@kaasis You won't be able to encrypt your JavaScript code. You can only go as far as uglifying and minifying it. JavaScript isn't a compiled language. It lives and executes on the page that loads it. That's just how it works. You will always be able to get any JavaScript that is running on a web page by inspecting; there is no real way to hide it, which is why we uglify/minify it.

As mentioned in the above posts, this will slow down people trying to make sense of your game code; however, if someone is dedicated enough, they might be able to make sense of it (however, that would take a ton of time and dedication to do). Jammy provides some links that will help.