I am getting very interested in the very popular JavaScript.  I would like to create games with it.   One thing that concerns me is the availability of the webpages' code to others.  I would really like to watch some movies on JavaScript but I don't know how to feel about people being able to copy my code (or for that matter if it is possible.)  Am I being unrealistic?  Are there means to make the code unreadable by the occasional viewer?  Perhaps it is just html5 and css3 that can be viewed with google chrome's view source and I am confused.

Thanks in Advance,

Josheir

Why do you care if other people look and learn from your code? I think it's a good think to share.

Well I don't mind people looking and learning but I also don't want to be pirated on something that took a long time to code.  I know it's the in thing to give in the world of computers but profit is real too.  I love to program and share but I also am considering a Masters in Business.

I seem to remember back in the day that some server side language could be used to produce the client side code so it didn't show up.  Maybe it was PHP.

Thank you,

Josheir

Anything that runs on the local machine of the user can and will be cracked. Stuff running in a browser is not an exception to that rule.

The only solution is thus to keep any code you don't want to be cracked to yourself. In online games, this is fairly easy, keep the code at the server, and only send the results to the user. This is what PHP was doing too, it got expanded to a .html page by executing it on the server, and the client received and displayed the resulting html file.

Javascript got in the picture, because it runs on pretty much every browser (if not all browsers, but you know better than me), and it allows to execute any code when you hovered at some spot, or when you clicked somewhere. It gives programmable GUIs in the browser, which is much faster in interacting with the user (no need to bother the server for adding a drop-down menu, or change a single picture to acknowledge you can click it), etc.

From there it got worse, people are now writing non-trivial javascript code, and program games in the browser 

Write the game in such a way that a player needs a server you control to play the game. Javascript is the tool for making the browser "alive and interacting", ie a programmed GUI which does very little other than passing data between server and client display. Of course "very little" varies between "trivial" and "near impossible", depending on your game and the distribution of work between client and server

If it's running in the browser, I can see it.

If it's running in the browser, it needs a server, or what's the point of running in a thin client like a browser?

If it's running on the server, you can prevent people from seeing it.

If you're worried about piracy, keep important parts of your game on the server.  Let people copy the stuff on the browser, it's useless without the non-copyable server code.

Folks these days get confused by modern JavaScript "frameworks" because they end up obscuring what runs on the server and what runs on the client browser.  You just have to deep-learn your any-idiot-can-now-program tools to understand what's really going on under the hood.

All Javascript client code can be viewed by users. The only tool you have is code obfuscator, but that really doesn't change much, only add an extra layer of inconvenience.

edit: You actually do want to use obfuscator, or minifier as some people call it. Since it compacts your code, remove whitespaces and trim names, it can significantly reduce download time and thus make your game load up faster.

Could someone give me an example of a web browser game that would use a server to keep the important parts on it?  I'm not quite getting it.  

And are there any other solutions, Java for example?

Thanks,

Josheir

I have a hard time getting what you don't get, but let's try

Say you have a game, with a nifty path-find algorithm that you don't want to fall in the wrong hands. Now you have 2 choices.

1. Implement the algorithm in javascript, and run it in the browser. Gives nice and speedy feedback. Player happy and cracker also happy, as he can just see how you did it, and copy it.

2. Implement it in whatever language at your server. Local browser has to send a request for a path to the server, server runs nifty algorithm, server returns computed path. Bit more slow, player still happy with nifty path, cracker less happy, as he only has input and output of the algorithm, and not the algorithm itself, unless he cracks your server.

You can also use this to avoid cheating.

Say you have a builder game, where you produce goods of some kind. It is precious stuff, and it costs time to make it, so a good target for cracking. Now you have (at least) 2 choices.

1. Implement the entire production in the browser, and send only to the server "I produced X amounts of goods". Player happy, and cracker happy, as he can send "I made a 1000000 stuff" every 5 milli seconds to your server.

2. Implement timing of production in the server. Browser sends only "production started at factory X", server sends "production ended at factory X, Y goodies added". Player happy, as he can still make goods, cracker less happy, as he can only send "started factory X", where X has to exist, and has no further powers to force the server into believing the production ended 5 milli seconds later.

Both examples move the actual game logic to the server, and only perform GUI interaction in the browser. A cracker may even fully implement the browser code by himself, but it won't do him much good, as game progress is under control by the server.

An extreme view is that the entire game is running at your server, where you provide a nice graphical GUI at the player machine as a bonus, since most people prefer to click at a tile, rather than typing "<productionstart time="56567467636"><factory x="21" y="54"><production type="foo"/></factory></productionstart>" for some weird reason

10 hours ago, Josheir said:

Could someone give me an example of a web browser game that would use a server to keep the important parts on it?  I'm not quite getting it.  

And are there any other solutions, Java for example?

For the example, all games that have an online processing components have this. In a web game like Slither or Generals the client receives data from the server and displays it, and the client accepts data from the player and transmits it.  In Slither the game clients aren't coordinating all the motion and collision. In Generals the game clients aren't increasing the numbers or maintaining who owns whatever squares.

The game servers only transmit the things the player can sees. Instead of the client getting all information and only selectively displaying what the player should see, the player only has the data they can see and has no other extra data. The game client does not know what every square is doing, or what ever player is doing, or what moves are queued, or what else is going on within the game. In Slither that means the client doesn't have data for snakes that are distant. In Generals that means the client doesn't have data for distant tiles or data for queued moves except the ones made by the local player. The server knows all the information, but the game clients are never presented it with it.

For the protections you're talking about, if the game is entirely transferred to the client it cannot be protected. If a player downloads all the pieces to play, then an attacker can also download all the pieces to play. They can save those files and serve them from their own web sites.

This has been done by many unscrupulous people. Many Flash games, Java applets, and other web-based programs have been copied from one site to another site because it was all present. Some require changing a few assets to point to different web sites, but that is easily modified.

Java doesn't help. If you create a Java applet the files can be downloaded by a legitimate user, saved to disk, then used by an unscrupulous actor.  Compiled Java can be opened by anyone with the right tools. Languages that support Reflection mean that compilation includes all the original names. If you're using a language that supports reflection features, like Java, C#, compiled JavaScript, and more, an obfuscator can help rename everything so it isn't immediately visible through reflection; instead of seeing that something is called GameObject they see it is called TQxV or some other random-generated names. That doesn't help very much, but can slow people down slightly.  Heavily-compiled languages like C++ perform even stronger operations to remove names, and they are also easily reverse engineered by people with the right tools.

The only viable solution to keeping the game from being taken is to never give them access in the first place. That generally means the client is a viewer for data, and the server is a producer of the data. The player can have all the access to they client they want. An attacker can make a fake client that responds exactly the same way as the legitimate client, they can have full knowledge of the communications protocols, of what is being sent across the wire and why, but even with full knowledge of how the client works they still couldn't do the server processing. That's the only known way to have those protections.

13 hours ago, Alberth said:

I have a hard time getting what you don't get, but let's try

The game I am considering and almost made once does not have a lot of behind the scenes programming.  So, I wanted to understand with an example, which you did.  Thank you.

Now, according to frob even a C++ stand alone game can be pirated, which was another option for my project.  I haven't been on Steam lately, but my understanding is there are plenty of games programmed with C++.  I wonder what their philosophy is.  I don't think they all have 'upgrades' on the server?

In short, What do I need to do to win (besides what we said)?  Do I need to think a certain way?  I want to make some revenue.

Josheir