Users are connected by my script species
& lt; script src = "// domain.com/user-uuid/script.js"> ;< ;/script> on your website. PHP The template generates on the script for them (depending on the settings and many other conditions).
The other day the theme of the script protection got up, the script is paid and costs money, all logic is on the front-end, it does not compose difficulties. Until recently, they relied only on Secret of the elusive Joe .
What options I have:
plus : very high-quality obfuscation, with a variety of defense against deobfuscation.
minus : relatively slow and does not work on simple shared hosting
Simple code encryption by some algorithm and execution via
plus : speed is as needed.
minus : Find it easy – if you can replace
console.log, the unfair will immediately receive a decrypted code.
Answer 1, Authority 100%
So, I had a rather specific project structure,
JS code was generated on the go using
PHP . It was necessary to comply with the code, but leave the ability to add some data on the go to PHP.
Now I will tell you how I solved this problem.
I have been locally converted code and put it in the next folder after the changes.
First, I connected WebPack. Parts that previously inserted on
PHP are now connected using
Require . Also, this positively affected the project code structure.
“Dynamic” data that should be inserted using PHP, I insert in the form of variables like
__ $$ CONFIG $$ __ and
__ $$ is_dev $$ __ which using PHP was replaced on the go to the JSON array or code. In the same way, some data were replaced in string literals. I added these lines and identifiers to the list of exceptions, so that the obfuster does not rename them.
After the changes, I do
NPM Build and then I make a commit in which in one folder changes in the source, and in the other – in the obfused assembly. And then the cron script pulls up the update from GitHub to hosting.