Safety and/or protection of source code

Everything else that doesn't fall into one of the other categories.
_Marc_
Posts: 23
Joined: Wed Mar 30, 2016 7:49 am

Safety and/or protection of source code

Post by _Marc_ »

Hi,

Afaik I can't prevent a user from downloading the JS files, so they can browse its contents.

What are the risks regarding the source code? How can I f.e. hide/protect passwords/tokens I might need for connecting to external databases/services?
Fred
Site Admin
Posts: 1506
Joined: Mon Feb 24, 2014 10:51 am

Re: Safety and/or protection of source code

Post by Fred »

Even if you could 'hide' the code, it could be easy for anyone to snoop on your network connection and see what happen. You should never store password client side, even in a regular desktop application. For authentication, you should ask for a login, hash the password with SHA1/2/3 and use an HTTPS connection to request your server.
_Marc_
Posts: 23
Joined: Wed Mar 30, 2016 7:49 am

Re: Safety and/or protection of source code

Post by _Marc_ »

Fred wrote:Even if you could 'hide' the code, it could be easy for anyone to snoop on your network connection and see what happen. You should never store password client side, even in a regular desktop application. For authentication, you should ask for a login, hash the password with SHA1/2/3 and use an HTTPS connection to request your server.
I understand. But sometimes you'll have something in the code that needs to be kept a secret (on the server side). Those secret codes will never be transferred over the internet, but only used for creating an other token (e.g. refresh token) or hash. So maybe some sort of web.config from which my web application will read it's data.
Fred
Site Admin
Posts: 1506
Joined: Mon Feb 24, 2014 10:51 am

Re: Safety and/or protection of source code

Post by Fred »

Well everything which is meant to be secret should be on the server, and never in a client side JavaScript. SpiderBasic only create the client-side of your application. You will need another software to create your server-side aplication (PHP, PureBasic as CGI, etc.).
_Marc_
Posts: 23
Joined: Wed Mar 30, 2016 7:49 am

Re: Safety and/or protection of source code

Post by _Marc_ »

Fred wrote:Well everything which is meant to be secret should be on the server, and never in a client side JavaScript. SpiderBasic only create the client-side of your application. You will need another software to create your server-side aplication (PHP, PureBasic as CGI, etc.).
Ah, yes you're totally right ...

I have server-side in my mind as that's what I always build so far (in ASP.NET). I have to think client-wise ;).

BTW: I didn't know PureBasic did support CGI. That's a pleasant surprise :).
Fred
Site Admin
Posts: 1506
Joined: Mon Feb 24, 2014 10:51 am

Re: Safety and/or protection of source code

Post by Fred »

It does, and it's easy to use. It even supports FastCGI if you need performance.
Post Reply