Press "Enter" to skip to content

Thoughts on Code Obfuscation

Joy George Kunjikkur reminds us of worse times:

Long long ago I was given the special task of hiding code. Hiding code..what? Yes, we have to deliver code in such a way nobody should be able to reverse engineer.

I’ve run into problems around this in modern code as well. For example, using client-side React means that you aren’t going to be able to hide secrets like credentials, connection strings, etc. in a way that users absolutely won’t be able to see them. In the SQL Server world, some companies use encrypted stored procedures, which is a joke considering that you also need to ship the keys to decrypt those procedures, meaning that an enterprising user can get around your obfuscation attempt in moments.