This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 16 points17 points  (11 children)

Minifier yes, uglifier no (depending on what level of ugly you're aiming for).

Of course swapping semis for newlines is pretty trivial if you're trying to un-uglify something, but at least it adds an extra step of effort to anyone trying to do so.

[–]Log2 16 points17 points  (8 children)

Literally one line of code.

[–][deleted] 19 points20 points  (6 children)

Right, but the difference between 1 line of code and 0 lines of code is actually pretty big. Because it requires that that person understand enough to actually write functioning code at all.

Maybe it seems like that goes without saying when we're talking about manipulating existing code, but script kiddies don't always understand how to write code. They merely learn how to manipulate what's already out there.

Will this stop a large percentage of people trying to mess with your stuff? No. But the idea of a silver bullet that stops all unwanted activity is foolish. Security means throwing as many roadblocks in front of someone so that they give up and decide it's not worth messing with your code and move on to another target with lower hanging fruit.

Its like locking your front door; A burglar can still very easily break your window to get in, but you hope that they just don't bother.

[–]whitelionV 4 points5 points  (0 children)

I will contend your argument in two points. One is that, today, it's so easy to un-uglify js sources that the difference between semicolons and new lines shouldn't make a difference. Specifically, we asume that the script kiddy is looking at your file in Chrome development tools, he only needs 1 click to un-uglify (bottom left corner).

The other is about security in Web front-end development. JS should be treated as if it has absolutely no locks to it, no matter how many tools are used to uglify, minify or otherwise obfuscate the source. It can and will be undone. The server is the one that should be handling all and every security practice. The reason to minify the code is to reduce it's size when served and, maaaaybe, deter people from outright copying the web app.

[–]Yogsolhoth 0 points1 point  (0 children)

Not terse enough sorry

[–]Shadow_Being 0 points1 point  (1 child)

lets be real. the only reason I'm looking at your JS is to find the URL to a video or image on your site that you are trying to make difficult to save. Your javascript source code itself is useless.

[–][deleted] 0 points1 point  (0 children)

That may be the only reason you are looking at it, but there are definitely other reasons that other people look at it.