Reputation: 2387
Protect code/content by domain name
I am writing a javascript product but it will be licensed to individual domain names. So in order to protect it from copy and pasted from the demo or from one site to another the code should only allow itself to run properly when it's on the right domain.
The encryption can be done server side by php when a user purchases the item and keys in the domain he wants to use it on. So it goes something like this:
var encryptedtext = "My text here";
function decrypt(){
//decrypt using domain name.
}
print( decrypt(encryptedtext) );
I don't need it to be strong. The product will cost only a few dollars and the protection should be enough to demotivate any cracking.
The biggest weakness I find is it is very obvious that it's taking the domain name as the decryption key. What would be the best way to mitigate this?
Upvotes: 0
Views: 373
Answers (1)
Reputation: 157
You could hash the users registered domain and include it in the JavaScript script you give them, then hash the actual domain at runtime with JavaScript and compare it to see if it matches whats included in the script. You could also use xor to encode stuff. Ultimately all client side code is visible unobfuscated at runtime tho.
Upvotes: 1
Related Questions
- Preventing Users to view my JavaScript source file
- What are the ways to protect javascript code
- How can I hide/protect my client-side HTML/JS code?
- Is it possible to allow html to only run on a specific domain?
- How to prevent our site from visitor access via domain masking or url masking
- Block js file access from webpage source
- Protect content in Javascript
- Javascript file for single domain
- Javascript security / cross scripting on same server