How to protect source code of chrome packaged app? - javascript

If a chrome app can work offline it means that source code is downloaded somewhere.
My question is how to protect it?
The only thing that comes to my mind is minification of javascript code. Is there anything else?

You could try to put most of your app's functionality into a NaCL module. Good luck with that :-)

There is nothing to protect it as all in the web.
But you can add a license text ;)
–––––
Update:
you can try to use snapshot if you use the nw.js

Javascript is downloaded to the client machine (and can be manipulated there) for this reason it can never be secure or secret. As you say the best you can hope for is obfuscation.

From google developers FAQ
Can I sell a packaged app?
Yes, but there are risks in doing so.
Specifically, it is easy for motivated people to bypass payments for
packaged apps. This holds true even if you have used our Licensing API
in your locally stored packaged app, since locally stored content is
not secure and can be modified (including calls to the Licensing API).
If you’d like to have the option of blocking access to your app by
unauthorized users, selling a packaged app may not be the right
solution for you. An alternative to consider is moving to a hosted app
model with a server-side licensing check.

Related

Service Workers in Cordova Hybrid Mobile App

we have done extensive work to determine if there is ANY possible way or hack that anyone has figured out to get service workers working in a Cordova app (not using Ionic)? Ionic actually doesn't work with true service workers either but that's another thread.
Obviously, the service worker has to come from a trusted host 'HTTPS' and our build comes from local host on File:///
We have tried the whitelist plugin, and we are aware there is an iOS plugin (which we don't want to fuss with) until we know we can also get them working on Android. Has anyone found a creative hack to make this work, or has Cordova updated to support this API yet (as it's the future of development)?
Even if you have constructed a hack solution we'd like to hear. Considered using PouchDB to help with offline access but that really doesn't help us run server tasks off the main thread and in the background, additionally we worry it could conflict with SQLite which we also use.
This seems like the last posts on this were quite some time ago so if any Cordova or PhoneGap folks could chime in and help a client-side rendered local host implement these, much appreciated.

What is the easiest way to store a variable in node.js?

I am migrating my script from Google Chrome Extension to node.js
And I simply need to store a couple of variables, nothing fancy and performance isn't an issue either, since they would only be accessed when the script is restarted.
In Google Chrome Extension I would use the client side HTML5 storage (localStorage)
However as a server language node.js doesn't have this feature and it's not surprising.
I could of course install some database and being particularly familiar with MySQL this is not an issue, but, if there is a simple way of storing my configs - I would much like to try it out.
If u get experience with localStorage you can use node-localstorage.
I'd recommend using sw-precache, aka service workers. They run in the browser and can be used by the fetch api. Here's a great node_module that will accomplish your needs.
https://github.com/GoogleChrome/sw-precache
Here is a codelab that explains service workers in more detail:
https://codelabs.developers.google.com/codelabs/sw-precache/index.html

Javascript not working on downloaded websites

So recently I was looking at some well-designed websites, with the functionality that I want to achieve / learn.
However, the problem is, that even though I manage to download the complete website (most recently I was using Scrapbook from Firefox), the website is not fully functional. Seems like the JS isn't working..
For example, a page like this.
When downloaded, the animations, progressive loading etc. are missing. I am guessing it's using Ajax to communicate with the server then?
Or what's the reason? Is there a way to get it working?
Cheers.
Most probably this is due to some scripts needing to be served from a domain name instead of localhost (your local machine). Your best bet is to learn how to set up a local web server with a package like XAMPP or MAMP. This is useful way beyond serving downloaded sites to inspect how they work. You can actually have a complete development environment this way.
Bonus tip: check out sites like Code Academy to learn even more about the ins and outs of web programming languages.

How to best test JS code and effect of interaction with data file

Can anyone tell me what's the best way to test JavaScript code (particularly linking it to a data file e.g. csv or Json) without it being in a server (i.e. from desktop). I'd like to create and test the JS on my machine before deploying it to the work intranet. Not had much experience with running server on laptop so would like to avoid this if possible.
Running a webserver on your desktop really is the best solution for this, since ajax calls are not allowed for local files.
You could look into xampp, or just fire up your IIS to run your own webserver. xampp is probably a bit easier if you have no experience with web servers what so ever.
Alternatively, an IDE might provide an ad hoc webserver. Visual studio express for example uses a built in development server that alows you to serve your files, some experience with this IDE is obviously also required.
If all this doesn't work you can always try a sandbox service like http://jsfiddle.net/
A fully fledged and free online IDE to develop/test/deploy your code can be found at Cloud9
You might be running into this problem. Basically certain security policies don't allow you to fetch local files . This question talks a bit about how to deal with Same Origin Policy things. A google serach of "Same Origin Policy"+(browser name) might help out too.
This article gives workarounds for most major browsers.

Are client-only web applications possible?

I want to create an internally used web app that can be run with just a copy of the web app and the DB (anything from a text file to MS Access/Excel would work fine). Is this possible? I don't want users to have to setup a SQL server to get the app to work. Having the files necessary to run the web app stored on a shared network drive would be ideal, for example. The problem is that JS can't write to a DB. Is there anything that can use to do this?
Like mentioned, I can assume that Access/Excel are installed, if there's anything that might help there.
It's most certainly possible. W3 has put up the specs for a client side database that can be accessed by JavaScript. The modern browsers have good support for it, and since this is for an internal application, you would have some level of control I believe.
Checkout this slide that shows a live demo of Indexed Database. The full spec can be found here. See this link for browsers that currently support IndexedDB. Here's another set of slides showcasing how to use IndexedDB.
However, with this approach, each user's browser has its own DB locally. If you want a centralized DB, then you will need a server.
You can perform database transactions with JavaScript. This is generally discouraged, because it has terrible security implications. However, in a completely local environment, you are probably not causing any additional security risks. (Because, your database is already on the user's machine.) You can see an example of how to use ADO in JavaScript at How to connect to SQL Server database from JavaScript in the browser? .
Possible, yes, Like Making cars that can float in the sea but could not work on dry roads.
Use winforms or something similar. Use the right tool.
If you insists, Firefox plugins can behave in the way you mentioned, and there is a way to bundle a web application with it's server (check the beginner tutorials for RoR to have an example for something similar with webrick).
If I understand your requirements, you might look into ColdFusion.
For example, you can run a DB query pretty simply, check here, in Adobe

Categories