Hide FullCalendar schedulerLicenseKey in page

Question

My company recently purchased the Full-Calendar Scheduler addon. Is there a proper way to hide the license key in code? What are good practices for this?

There's no foolproof way to obfuscate anything in a web page. If the page can decrypt the license, then so can a malicious user or bot. The fullCalendar commercial license is limited to a set number of domains, according to the documentation. I don't know how this is enforced, but if it is, it should be impossible for anyone to steal and re-use it. If you're in doubt I would do what the docs suggest and email sales@fullcalendar.io — ADyson, Jun 15 '17 at 08:47

score 4 · Accepted Answer · answered Jun 15 '17 at 22:59

You're right, there's no way to completely hide the schedulerLicenseKey from someone malicious wanting to steal it, however, a thief could much more easily use the universal GPL license key if they wanted a warning-free version of Scheduler, so it's a moot point.

In essence, the actual characters of the license key are not that secret. The license key is mainly used to know when to prompt the developer that they have upgraded past their allowed version upgrade window. Beyond this, it is essentially an honor system. This is why not much attempt is made to encrypt/validate the key.

score 4 · Answer 2 · answered Jun 21 '18 at 05:08

4

Use this code. it works under Scheduler GPL license without charges

$('#calendar').fullCalendar({
  schedulerLicenseKey: 'GPL-My-Project-Is-Open-Source'
});

answered Jun 21 '18 at 05:08

Ragupathy

149
3

score 2 · Answer 3 · answered Sep 20 '21 at 08:14

Old question, but since I just came across the same issue, I thought I'd share my 2c. IMHO the best thing to do is never expose the key directly in the code. Instead, store it in some back-end configuration file or even a database field, and read it and assign it dynamically in the front-end. Granted, in the end someone willing enough can still reverse engineer the front-end code and read it (assuming they can log in to the application), but the key will never be that easy to read, as in committed with the rest of the code in your repo.

In short, best practice is to never store license keys in the code.

score 0 · Answer 4 · answered Nov 16 '21 at 13:58

0

use 'valid' key, then your problem will be disappeared. I have some case too, then using that valid key, my problem solved.

answered Nov 16 '21 at 13:58

Kucing Garong

1
1

Hide FullCalendar schedulerLicenseKey in page

4 Answers4