announcement : free : *true* javascript obfuscation code in PHP - the end of var name leakage.

Seriously? It's an OBFUSCATOR - it will take someone like the NSA about 10 seconds to crack it - likewise anyone else with access to a supercomputer (which basically will mean any university can do it, with allotted access-time). It's not a super-weapon, it just makes the code a little bit harder to read for the human eye - for a computer, however, it's NOT particularly hard to read AT ALL, obfuscated or not. Until you add some form of encryption, and keep the encryption key hidden / secret, so that only the original creator knows it, then we're talking a bit of trouble... before that happens, though, you're being paranoid, and for all the wrong reasons.

 

ok ehm, i have gone on a short camping trip (quite nice) and while on the road i had a flash of sanity; compiled programs dump the variable names as well, and there are indeed compiled-computer-program virusses in existance (for a long ass while even ), so ehm.. it's baaaahack..
https://github.com/seductiveapps/webappObfuscator
http://seductiveapps.com/tools/webappObfuscator

 

eh popsicle, dude... how the F r u gonna make sense of a computer program when you don't have a human making new variable names and function names for whatever you can indeed easily re-compile into higher-language code structures?...

 

Uhm... what? You lost me. Elaborate on what you mean, please?

 

You would be surprised -- it's a bit like using a disassembler for machine language programs. It's more difficult, but not impossible.

Machine language when compiled from an assembler loses all the labels, macros and other bits, but you can still figure out what it's doing without those labels or the placeholder labels generated by a good disassembler.

It's why obfuscating the actual function names would be more effective, but usually is fairly easy to reverse since it HAS to be reversible to even run client-side in the first place.

Though the concern you had about security and figuring out what things do? That's why I hate minification, why I REALLY hate base62 compressors, and is one of my BIGGEST concerns about the upcoming incorrectly named "web assembly"... since the moment we go to bytecode distribution that means no labels, meaning no function or variable names, meaning client-side you might as well be running binaries.

It's going to come down to what they do and do not allow "webassembly" access to. They lock it down too much it won't be useful; they lock it down too little and say hello to Mr. Security Nightmare.