javascript uglify 和 obfuscate 的区别?多一个安全吗?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22070512/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
difference between uglify and obfuscate? Is one more safe?
提问by Connor Leech
Recently I was asked to obfuscate my javascript in order to hide a client's api key. I'm using grunt.
最近我被要求混淆我的 javascript 以隐藏客户端的 api 密钥。我正在使用咕噜声。
Will grunt-contrib-uglifyobfuscate my js?
会咕噜-的contrib-丑化混淆我的js?
What's the difference between uglify and obfuscate? Is one much more safe than the other?
uglify 和 obfuscate 有什么区别?一个比另一个更安全吗?
采纳答案by Isaac
Uglify is a code minification tool. It parses the JS, building a token tree out of the code, which can then be used to either compress/minify the code or 'beautify' it, making it readable for debugging, etc. Uglify will NOT obfuscate your code.
Uglify 是一个代码压缩工具。它解析 JS,从代码中构建一个令牌树,然后可用于压缩/缩小代码或“美化”它,使其可读以进行调试等。Uglify 不会混淆您的代码。
On the other hand, using an obfuscation tool such as Stephen Mathieson's Obfuscatorcan concatenate multiple project files into one, bundling requires and packaging. In this case it also Uglifies the entire job at the end, resulting in an obfuscated, minified JS file. It's not 100% secure, there are ways to de-obfuscate JS code, but it makes it much more difficult to decipher than flat text.
另一方面,使用诸如Stephen Mathieson 的 Obfuscator 之类的混淆工具可以将多个项目文件连接成一个,捆绑需要和打包。在这种情况下,它还会在最后使整个作业丑化,从而产生一个混淆的、缩小的 JS 文件。它不是 100% 安全的,有一些方法可以对 JS 代码进行反混淆,但它比纯文本更难破译。
HOWEVER, I would recommend keeping a client's API key out of browser-side code whenever possible. Even if it is obfuscated, it can still be found
但是,我建议尽可能将客户端的 API 密钥保留在浏览器端代码之外。就算被混淆了,还是能找到
