For HTML encryption obfuscation, source code protection, and code security, the source code cannot be directly decompressed.
Some people have been asking how to do HTML encryption obfuscation. In fact, this is a topic that has been studied by many people in the industry.
I have prepared an article to share with you in my spare time.
What is the purpose of encryption? To what level of encryption? What can we sacrifice for this?
We know that there is no absolute security in this world, and encryption will be cracked, obfuscation will be reversed.
Technical tips, developers, and hackers are at different levels and different levels of human policies are prevented.
The higher the defense, the higher the investment cost, such as hiring a professional security company.
In addition to investment, we also need to consider program execution performance and user experience.
The encrypted code must be decrypted at run time. After obfuscation, especially after obfuscation of HTML, the execution performance of the program will decrease.
Whether it is really necessary to do such source code protection, but also need to be careful.
In general, front-end code is responsible for user experience, back-end code, and more secure data processing.
The front-end should not involve too much confidential information, so encryption is not particularly significant.
I seldom see content worth protection in front-end code, such as advanced algorithms. Many codes do not need to be protected at the expense of user experience.
However, some front-end Code involves the data security of end users. At this time, efforts should be made to protect data.
Next, we will analyze several methods.
Do not store sensitive data on the front end.
This sounds nonsense, but it is really important.
It is very dangerous for some developers to store user passwords on their mobile phones.
Even native development, once the mobile phone is root, it may cause data leakage. What's more, HTML5 development.
The best practice is to store tokens on the mobile phone end instead of passwords. Here is an article dedicated to this topic, developers involved in login are recommended to take a closer look at the design of HTML5-based APP login functions and methods for securely calling interfaces (Principles)
JavaScript and css Compression
Compression is neither encrypted nor obfuscated. However, compressed JavaScript files are often obfuscated.
Js、csscompressed is a very powerful technology. We often see that the file names of various frameworks are xxx.min.js and xxx.min.css.
Using appropriate js and css compression solutions can reduce the file volume and increase the loading speed. The most important thing is that it can speed up the execution performance of the program. There is nothing to do.
Obfuscation js is commonly used in YUI obfuscation of yahoo. In HBuilder, click menu tool-plug-in installation, which contains YUI compress, which can compress js and css.
If JavaScript and css are large, compression before release is recommended.
HTML, js, and css Obfuscation
Although compression can also be obfuscated, it does not aim to make others unable to understand. obfuscation is truly aimed at others' incomprehension.
However, such obfuscation is not as beneficial as compression, and it will reduce program execution performance.
Some developers do not want to decompress the release package and can directly see the source code. In this case, you can use the obfuscation solution.
Search for HTML obfuscation on the Internet, with many materials and tools.
The principle is similar. js code is converted into messy strings and then executed with eval. HTML code is changed to messy strings and document. write or innerHTML execution. css can also be dynamically executed in document. write <style> in write.
These tools are free and commercial. Generally, the more commercial the tool is, the more difficult it is to be confused.
This is free online obfuscation tool http://www.myobfuscate.com
This is a well-known commercial tool, http://www.jasob.com
In fact, you can write obfuscation algorithms by yourself based on the principle.
Obfuscation is also a mature technology that has been around for years. For example, Google protects gmail's front-end code through obfuscation.
Whether it is compression or obfuscation, using grunt for publishing is a good method. It is very convenient to call grunt with one click after development.
Prevent webkit remote debug, that is, prevent browser console debugging
Android and later versions and iOS support webkit remote debug. In HBuilder's tutorial, there are also tutorials on How to debug Android apps using chrome and debug iOS apps using safari.
In the App developed by HBuilder, manifest. the plus-distribute in json has a debug label marked as false and then packaged. When such a package runs on a mobile phone, webview blocks remote debugging requests from the browser.
If you want to debug, change debug to true and then package it.
Of course, some Android rom is not very standard and cannot block debugging. This is a rom bug.
Professional encryption and reinforcement Shell Service
Due to the special nature of Android, the apk reinforcement and shelling industry emerged, which is also a common apk protection solution in the industry.
Many app markets provide reinforcement services, such as 360 mobile assistant reinforcement,
There are also professional companies such as love encryption, which provide free basic security protection services and paid advanced security protection services.
Note that some non-professional security companies provide the so-called source code encryption service, which is actually full of loopholes.
Security is no small matter, and professional security service products are more reliable.
Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.