0

I read this post securing the source code in a node-webkit desktop application

I would like to secure my font files and I was thinking this snapshot approach might be a way. So instead of running this

nwsnapshot --extra-code application.js application.bin

Could I run

nwsnapshot --extra-code font_file font_file.bin

Then in package.json add this?

snapshot: 'font_file.bin'

Or would there be an alternative mechanism to reference the binary font? Would it be possible to convert the CSS file referencing the font into binary? Can anything else other than javascript be converted to binary?

Community
  • 1
  • 1
Jack Shultz
  • 2,031
  • 2
  • 30
  • 53

1 Answers1

0

One dumb thing you can do is to add your assets to the exe file as stated here: https://github.com/nwjs/nw.js/wiki/How-to-package-and-distribute-your-apps#step-2a-put-your-app-with-nw-executable

Basically you have to create a zip of your content (included your package.json) and rename it to "package.nw" then you can "merge it" into the exe file by typing this if you're in windows (the link explains how to do this in other OS's):

`copy /b nw.exe+app.nw app.exe `

This is not a great security measure (beacuse it can be opened as a zip file) but is one step further.

Another thing that could add security to your files is to encrypt them and then add them dinamically through js (while decrypting them) for this you could use the encrypt and decrypt methods available in node. http://lollyrock.com/articles/nodejs-encryption/

However the weakest point in the application is still the packages.json file and for this nw provides nothing.

Cheers!

martuanez
  • 59
  • 1
  • 7