javascript - ProcessingJS code permission -

-

since java updated security settings in jan. , can't afford trusted certificate sign in jar file online, 200 usd year, converted processing2 jar file processing1.5 javascript file. , problem is, let visitors see js output, have let them @ least 'read' pde file, while don't want make source code public.

so how can present work without releasing source code? lot!

my processing folder under /var/www/html/visual:

-rw-r--r--. 1 root root   2709 sep 10 21:03 main.pde -rw-r--r--. 1 root root    238 mar  6 15:12 proj01.html -rw-r--r--. 1 root root 231867 mar  4 23:55 processing-1.4.1.min.js

the html file looks (so visitors know pde file name):

<!doctype html>    <html>    <head>       <script src="processing-1.4.1.min.js"></script>   </head>    <body>       <canvas data-processing-sources="main.pde"></canvas>   </body>   </html>

and self-signed jar file blocked java update51 unless visitors manually set security level lowest. certificates bought services symantec or godaddy can let jar file run smoothly in browser. enter image description here

yes there easy ways hide code (and other assets). aren't bulletproof, it's close compiled code without getting overly paranoid. see here self-executing anonymous function, leaving nothing behind dust , ashes (and of course running processing.js sketch). inside function goes processing code, base64 encoded (see marked spot, see below more info)

it import library, setup canvas, , run it. no pde, no script element, no canvas-id except processing sets. no reference code except somewhere inside global processing library object, couldn't find after 5 mins considered safe enough.)

(function(){     var lib,code;     code=atob("/*your base64 encoded code goes here*/");     lib = document.createelement("script");     lib.src="processing-1.4.1.min.js";     document.head.appendchild(lib);     lib.onload=function(){         var canvas,pjs;         canvas = document.createelement("canvas");         document.body.appendchild(canvas);         pjs = new processing(canvas,code);         this.onload=null; } })()

additional info base64 encoding: methods transforms datastring. use btoa() encode, or atob() decode. there websites encoding you, it's more comfortable if have big files -not- in javascript in case.

it can applied on sorts of assets, making possible create entire games sound , textures without external resources example. it's way represent data, it's not "compiled" encoding doesn't permanently change code don't need run atob() on string , it's instantly in original form.

additional info how run script: can hide script tags somewhere in dom tree (may easiest solution) load @ external javascript (maybe experiment obscure file names, omitting .js extension or using one) here apply minification. base64 string 95% of code , rest minified , indistinguishable encoded data.

there tons of ways improve that, in directions, wanted stick ones think practical you. if want more, ask.


Comments

Post a Comment

Popular posts from this blog

c# - How to get the current UAC mode -

-
can check current uac type set in device before running application through c#. i got know approach check whether current user administrator or not. but, need know uac type set (i.e. default/never notify) internal logic. is possible? please help. this article self-elevation , checking level program runs in. due security reasons i'm afraid won't able retrieve uac level set. http://code.msdn.microsoft.com/windowsdesktop/csuacselfelevation-644673d3
Read more

postgresql - Lazarus + Postgres: incomplete startup packet -

-
i've been building lazarus pascal program using postgresql on back-end. used work fine following lines opening db. dbconn:= tpqconnection.create(nil); dbconn.hostname := 'localhost'; dbconn.databasename:= 'dbhrs'; dbconn.username:='mizk'; dbconn.password:='123'; dbconn.open; if dbconn.connected openhrsdb := true else openhrsdb := false; but moment change localhost server's ip (on lan), program stops. no errors or warnings. have no clue happening. here related details may narrow down problem. the program i'm running workstation on same lan server. both machines run ubuntu 12.04 desktop i can access postgres db on server using pgadmin iii, guess it's not firewall issue. i have allowed postgresql ufw , ufw disabled. strangely, when firewall disabled, can ssh server terminal using workstation. when it's enabled, can't my biggest concern right why pascal program not working when i...
Read more

javascript - Ajax jqXHR.status==0 fix error -

-
$.ajax({ url: urlstring, datatype: "json", type: "get", success: function (data) { alert(data); }, error: function (jqxhr, exception) { if (jqxhr.status === 0) { alert('not connect.\n verify network.'); } else if (jqxhr.status == 404) { alert('requested page not found. [404]'); } else if (jqxhr.status == 500) { alert('internal server error [500].'); } else if (exception === 'parsererror') { alert('requested json parse failed.'); } else if (exception === 'timeout') { alert('time out error.'); } else if (exception === 'abort') { alert('ajax request aborted.'); } else { alert('uncaught error.\n' + jqxhr.responsete...
Read more