Hi,
Afaik I can't prevent a user from downloading the JS files, so they can browse its contents.
What are the risks regarding the source code? How can I f.e. hide/protect passwords/tokens I might need for connecting to external databases/services?
Safety and/or protection of source code
Re: Safety and/or protection of source code
Even if you could 'hide' the code, it could be easy for anyone to snoop on your network connection and see what happen. You should never store password client side, even in a regular desktop application. For authentication, you should ask for a login, hash the password with SHA1/2/3 and use an HTTPS connection to request your server.
Re: Safety and/or protection of source code
I understand. But sometimes you'll have something in the code that needs to be kept a secret (on the server side). Those secret codes will never be transferred over the internet, but only used for creating an other token (e.g. refresh token) or hash. So maybe some sort of web.config from which my web application will read it's data.Fred wrote:Even if you could 'hide' the code, it could be easy for anyone to snoop on your network connection and see what happen. You should never store password client side, even in a regular desktop application. For authentication, you should ask for a login, hash the password with SHA1/2/3 and use an HTTPS connection to request your server.
Re: Safety and/or protection of source code
Well everything which is meant to be secret should be on the server, and never in a client side JavaScript. SpiderBasic only create the client-side of your application. You will need another software to create your server-side aplication (PHP, PureBasic as CGI, etc.).
Re: Safety and/or protection of source code
Ah, yes you're totally right ...Fred wrote:Well everything which is meant to be secret should be on the server, and never in a client side JavaScript. SpiderBasic only create the client-side of your application. You will need another software to create your server-side aplication (PHP, PureBasic as CGI, etc.).
I have server-side in my mind as that's what I always build so far (in ASP.NET). I have to think client-wise .
BTW: I didn't know PureBasic did support CGI. That's a pleasant surprise .
Re: Safety and/or protection of source code
It does, and it's easy to use. It even supports FastCGI if you need performance.