7

I wan't to protect the code of my node-webkit desktop application packaged in an exe file. The problem is not on the file directly but with the dedicated port for remote debugging.

Perhaps I haven't understood something but, on Windows, if I execute a "netstat -a -o" command, I see an open port associated to the application and if I open this port on my browser, I have a page with "Inspectable WebContents" and a link to the webkit application.

With this debug window, it's possible to access to all the sources of the app and I don't know how to disable this feature.

Peter O.
  • 32,158
  • 14
  • 82
  • 96
Fabrice Bazzaro
  • 107
  • 7

1 Answers1

1

For now, I think there is no actual way to disable remote debugging in nw.js.

Even so, according to the wiki, remote debugging seems to only be executed through the command line switches. Therefore you can block the chromium command line switches (or only --remote-debugging-port) to prevent arbitrary remote debugging by user until nw.js supports disabling functionality of remote debugging.

For instance:

const gui = require('nw.gui');
const app = gui.App;

for (let element of app.fullArgv) {
    // app.argv has only user's switches except for the chromium args
    if (app.argv.indexOf(element) < 0) {
        app.quit(1); // invalid args!
    }
}

However, I am not quite sure the above code could protect your application code, because the nw.js is using Chromium internally. So that, the application code would be extracted in temporary folder on initialization. Whereas above solution isn't really protect your nw.js application. See more details: https://github.com/nwjs/nw.js/issues/269

Note: node-webkit has changed name to nw.js

Preco Plusb
  • 615
  • 1
  • 9
  • 14