3 Replies Latest reply on Jan 5, 2010 10:02 AM by petrushpatrush

    How can I protect my html/js application

    samichang

      Hi,

      I coded an air application using html/js, after packaging the app, I can rename the .air file to .zip and cas see what is inside : all my html/js/css files, it's the sam thing after installing the app : the end user can see the source code of my air application and I think this is very annoying : I can not protect my source code if I sell the application, and the end user can alter the source code witch can be very dangerous !!!

      Is there any option is the adt program to obfuscate ou encode source code ??

        • 1. Re: How can I protect my html/js application
          petrushpatrush

          Hi samichang,

           

          I am faced by exactly the same "difficulty". When developing non-trivial web- or AIR-apps the wish arises to protect the codebase in any way. Lastly I ended with 3 possibilities which I will have to ponder against each other:

           

          1. Using a strong JS code compressor (Google Closure Compiler!!!)

          2. Keeping as much logic as possible on the server side (no everywhere applicable)

          3. Coding valuable algorithms/calculations in a language like Java or C, compiling them and
          using them via IPC (came up in AIR2) or TCP-Sockets.

           

          What I'll definitely do is chasing my code abse through Google's Closure Compiler so that everybody trying to debug/modify my code has to sacrifice many many hours and some heavy headache. Sure, it's not very effective, but coding in AS3 and compiling to SWF isn't effective too. Thanks to SWF-Decompilers everyone can get the underlying code similarly crippled like the one produces by GCC.

           

          I appreciate any suggestions.

          • 2. Re: How can I protect my html/js application
            samichang Level 1

            I think the first solution is the best.

            As you said, even developing with flex is not secure, so adobe should find a solution for this problem ...

            • 3. Re: How can I protect my html/js application
              petrushpatrush Level 1

              Hmm ... yeah, maybe kind of binary encoding might be useful. But I don't think that Adobe would do this. Literally the whole nature of those "open webtechnologies" consists of their "openess" in a certain kind. Maybe a smart guy comes up with a nifty hack using the DOM's application cache property where content is cached pre-compiled. Let's see...

               

              Cheers