I have built a new jQuery plugin and I want to be able to demo this to the user before they can purchase this. But I also don't want anybody to be able to simply copy the code without paying for it.
For that reason I have encoded the plugin using http://www.vincentcheung.ca/jsencryption/
I thought of 2 ideas to further protect/make it harder to copy:
- Hard code the domain name check against window.location.hostname
- Using AJAX send as much information about the website back to a PHP script on my server.
What extra information can be fetched using JavaScript apart from the domain name? E.g. in PHP you have $_SERVER[].
Do you have any ideas for protecting it further?
OK, I have just written this myself, and it seems to work on two different domains.
$.ajax({
    url: 'http://example.co.uk/record.php',
    type: 'post',
    // Pass an object so jQuery URL-encodes each value
    data: { href: document.location.href, referrer: document.referrer }
});
Record.php
// Escape the posted values before they go into the query
mysql_query("INSERT INTO `demo` (`id`, `datetime`, `href`, `referrer`) VALUES (NULL, CURRENT_TIMESTAMP, '".mysql_real_escape_string($_POST['href'])."', '".mysql_real_escape_string($_POST['referrer'])."')");
I don't think you can do that. If you want to demo to the user, just record a movie of it in action. Most of the websites do it like this.
You may not like this answer, but you cannot 'protect' your javascript in any really meaningful way. Obfuscation is your only real recourse, and that isn't meaningful protection.
You're best off just providing decent licensing terms.
Any code that is public is unprotected and unprotectable. @TheBrain's answer is the most surefire way that they cannot steal the actual code, though they can still steal the idea and have someone else write it.
If you absolutely want to be able to let someone use this in a browser without you being there, then one tracking method is to make use of the Image object.
new Image().src = "http://mydemosite.com/tracker.php?domain=" + encodeURIComponent(window.location);
http://mydemosite.com/tracker.php would then log the calling domain and you can set up an alert for whenever the passed in domain doesn't match one that you've allowed. Naturally, you'd have to obfuscate the hell out of your code to hide this little nugget.
This solves two problems. One, it doesn't use AJAX, so you don't have to worry about the same origin policy. Two, because it doesn't use AJAX, it won't show up in things like Firefox's console tab.
Of course, this is still detectable by the diligent, and obfuscated code can be cleaned and made readable, but you do what you can, right? You'll probably have at least one occurrence where your tracker/logger is called, and that's all you need to be able to identify a thief.
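Added example, not part of the answers above: one way the tracker endpoint could decide whether a reported location is on the allowlist. It is written in JavaScript rather than PHP; `ALLOWED_HOSTS`, `hostAllowed` and `classifyHit` are hypothetical names, and the value is treated as untrusted because the client supplies it.

```javascript
// Hypothetical allowlist of hosts licensed to run the demo.
const ALLOWED_HOSTS = ['mydemosite.com'];

// True if host equals an allowed host or is a subdomain of one.
// Matching on a dot boundary rejects lookalikes such as
// "mydemosite.com.example.net" and "notmydemosite.com".
function hostAllowed(host, allowed = ALLOWED_HOSTS) {
  return allowed.some(a => host === a || host.endsWith('.' + a));
}

// Classify the decoded "domain" query value sent by the tracking image.
// The client controls this value, so cap its length, parse it strictly,
// and strip control characters before it is written to a log.
function classifyHit(rawValue) {
  const raw = String(rawValue ?? '').slice(0, 2048);
  const logSafe = raw.replace(/[\u0000-\u001f\u007f]/g, '?');
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: 'malformed', host: null, logSafe };
  }
  // Pages opened from disk (file:) or other schemes are never licensed.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { verdict: 'unlicensed', host: url.hostname || null, logSafe };
  }
  // Drop a trailing root dot so "mydemosite.com." compares equal.
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  const verdict = hostAllowed(host) ? 'licensed' : 'unlicensed';
  return { verdict, host, logSafe };
}
```

A `licensed` verdict only means the reported value matched; anyone who finds the call can send any value or block the request, so treat hits as leads rather than proof.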