I'm making an Electron application along with create-react-app for the frontend. The application requires an active MQTT connection. So, somewhere in my Electron code, I have to include the credentials for accessing the MQTT broker. These credentials are not something that an end user should be aware of, so I decided to hard-code them.
After packaging the application with electron-builder, for any platform, there's always a .asar file in some resources folder after application installation that can easily be extracted with the help of npm libraries like asar.
After extraction, all of my Electron source code is out in the open and so are the credentials. Is there any workaround for this? Is nw.js the only other way to avoid this happening, or is there a way to use some C/C++ addons for this?
Also, are there any Electron React alternative boilerplates that somehow overcome this?
Code obfuscation is a somewhat ineffective solution for this, as the password is still there; it's just hard to find. This is my first Electron application, so I haven't really found much else on how to overcome this.
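Added example, not part of the original post: a pre-release check that reads an app.asar from a Buffer and flags credential-like strings, which shows that the packaged sources described above are stored as plain, unencrypted bytes. The regex heuristics, the `buildSampleAsar` helper, and the sample file names and broker URL are constructed assumptions.

```javascript
// asar layout: 8-byte size pickle, a pickle holding a JSON index, then raw file bytes.
const PATTERNS = [ // assumed heuristics, tune per project
  /mqtts?:\/\/[^\s:@'"/]+:[^\s@'"/]+@/i, // broker URL with user:pass@
  /\b(password|passwd|secret)\b\s*[:=]\s*['"][^'"]+['"]/i, // quoted literal
];

function parseAsar(buf) {
  const headerSize = buf.readUInt32LE(4); // size of the header pickle
  const jsonLen = buf.readUInt32LE(12);   // length of the JSON index
  const index = JSON.parse(buf.toString('utf8', 16, 16 + jsonLen));
  return { index, dataStart: 8 + headerSize };
}

function scanAsar(buf) {
  const { index, dataStart } = parseAsar(buf);
  const findings = [];
  const walk = (node, dir) => {
    for (const [name, entry] of Object.entries(node.files || {})) {
      const path = dir ? `${dir}/${name}` : name;
      if (entry.files) { walk(entry, path); continue; }
      if (entry.offset === undefined) continue; // unpacked file or symlink
      const start = dataStart + Number(entry.offset); // offset is stored as a string
      const text = buf.toString('latin1', start, start + entry.size);
      text.split('\n').forEach((line, i) => {
        if (PATTERNS.some((re) => re.test(line))) findings.push({ path, line: i + 1 });
      });
    }
  };
  walk(index, '');
  return findings;
}

// Constructed sample archive builder (flat layout only), so the scan runs offline.
function buildSampleAsar(files) {
  const index = { files: {} };
  let offset = 0;
  const bodies = Object.entries(files).map(([name, src]) => {
    index.files[name] = { size: Buffer.byteLength(src), offset: String(offset) };
    offset += Buffer.byteLength(src);
    return Buffer.from(src);
  });
  const json = Buffer.from(JSON.stringify(index));
  const pad = Buffer.alloc((4 - (json.length % 4)) % 4);
  const head = Buffer.alloc(16);
  [4, 8 + json.length + pad.length, 4 + json.length + pad.length, json.length]
    .forEach((v, i) => head.writeUInt32LE(v, i * 4));
  return Buffer.concat([head, json, pad, ...bodies]);
}
const SAMPLE = buildSampleAsar({ 'ui.js': 'render();\n', // constructed, not a real app
  'main.js': "init();\nmqtt.connect('mqtt://demo:demo-pass@broker.invalid');\n" });
```

To audit a real build, pass `scanAsar` the contents of the packaged archive, for example `fs.readFileSync` of the app.asar in the resources folder.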