If a chrome app can work offline it means that source code is downloaded somewhere.
My question is how to protect it?
The only thing that comes to my mind is minification of javascript code. Is there anything else?
Asked
Active
Viewed 2,006 times
5
-
1Javascript is downloaded to the client machine (and can be manipulated there) for this reason it can never be secure or secret. As you say the best you can hope for is obfuscation. – Liath Jan 29 '14 at 09:08
-
@Liath, it seems to be an answer - post it. btw do you know where a source code located on the client machine? – 31415926 Jan 29 '14 at 09:22
-
@Qvarta JS is going to be down to the browser in question - I'm afraid I don't know enough about chrome extensions to be able to tell you any more. Different question! – Liath Jan 29 '14 at 09:25
4 Answers
5
There is nothing to protect it as all in the web.
But you can add a license text ;)
––––– Update: you can try to use snapshot if you use the nw.js
Alexey Sh.
- 1,734
- 2
- 22
- 34
5
You could try to put most of your app's functionality into a NaCL module. Good luck with that :-)
kzahel
- 2,765
- 1
- 22
- 31
4
Javascript is downloaded to the client machine (and can be manipulated there) for this reason it can never be secure or secret. As you say the best you can hope for is obfuscation.
Liath
- 9,913
- 9
- 51
- 81
-
I just downloaded a packaged app and ran it. I didn't see a way to inspect/manipulate the source code like with a web page. Any ideas? – Nico Feb 02 '15 at 22:55
3
Can I sell a packaged app?
Yes, but there are risks in doing so. Specifically, it is easy for motivated people to bypass payments for packaged apps. This holds true even if you have used our Licensing API in your locally stored packaged app, since locally stored content is not secure and can be modified (including calls to the Licensing API). If you’d like to have the option of blocking access to your app by unauthorized users, selling a packaged app may not be the right solution for you. An alternative to consider is moving to a hosted app model with a server-side licensing check.
