security - How to obscure sensitive data written in Javascript? -


i have developed web application makes use of google sign-in within angularjs application.

since client_id , api_key written in javascript think it's quite easy find them out browser's dev console.

apparently it's possible "obscure" js code (e.g. how can obfuscate (protect) javascript? ), concern is: make impossible potential attacker access keys?

if not, what's best practice in case? i've heard of kind of backend obscure keys written in js. kind of "gateway"

just mention, concerns not google apis code write not "open source" unless decide so

edit: since i'm not sure doubt completley clear, here actual question

what methodology can use prevent users "stealing" keys? there exist service serves gateway? shall design 1 on own? 

does make impossible potential attacker access keys

you can compress and/or obfuscate process always reversable long application requires plain keys.

all code write not "open source" unless decide so

with choosing javascript language , browser platform already decided go open source.

you obtain copyright code, you're left putting in proper license header , knowledge companies make money wouldnt dare "just rip" code. people interested in how accomplished would'nt go through hassle of reversing compression and/or obfuscation.

edit: non public api keys bound specified referrer domain.

to prevent key being used on unauthorized sites, allow referrals domains administer.


Comments

Popular posts from this blog

google chrome - Developer tools - How to inspect the elements which are added momentarily (by JQuery)? -

angularjs - Showing an empty as first option in select tag -

php - Cloud9 cloud IDE and CakePHP -