Is it possible to hide / secure data used in webGL?

Question

I have learned a bit of webGL, using three.js mainly. I load .obj files and I draw them in 3D.

I have put my project online under something like : www.mydomain.com

I don't mind people looking at my source code through their browser, but the .obj files I'm showing are from someone who does not want to give them away.

I'm a total newbie concerning this.

As my source code is available to everyone I'm guessing that the .obj files are also available to everyone. So is it possible to hide or secure them so that nobody can download them ?

Answer 1

I'm pretty sure you can not secure any files if you want to access and use them in Javascript / WebGL. They need to be parsed into a usable format at some point for the browser/javascript to be able to display them. You have two options:

1) Obfuscation. I don't think this is very good option, as in the end someone can always use Firebug and other tools to access somewhat useful representation of your files. You can make it a bit less easy to do by encrypting or scrambling data server-side, and reconstructing stuff in Javascript. Or just using unconventional ways to load and represent files.

You can also do some decoding / decrypting in shader code which would be one step harder to steal. But that probably applies to textures only.

2) Make the files less useful. For someone to reuse your OBJ files, they probably want to import the models to software of their choice and do something. You can not prevent that but you can strip the files of extra information that makes the files easier to work with. This will make files less desirable for any potential thieves.

I do it for completely different reasons, but my main use of WebGL involves exporting models from Sketchup to Collada, and displaying them in WebGL. My export code does some things, which as a side-effect make the exported model a pain to work with. This include making all component instances unique (de-instancing?), exploding all components and groups to plain geometry, triangulating all faces, deleting hidden geometry etc.

Would be a PITA to bring that back to Sketchup for editing without the original file... specially because the models I work with, by nature heavily depend on component and group instancing. But still, nothing prevents someone from stealing the geometry "as is".

Answer 2

If someone is dowloadable to the browser then it is at the user's computer.

You can make reading files more difficult, but it will only slow down grabbing the .obj data. If someone wants to do it then he/she can eventually do it. The decryption key must be always on the client computer. So you can only slowdown the process. So the question becomes "How difficult and how complex you want to make your .obj reading code and is it worth of the effort?" Simply by adding one extra byte at the beginning of the file is probably enough to make the files not to open as is in the modelling software.

I suggest you educate your someone how internet works and simply say it is not possible or worth of trying to do it and save yourself of coming up with homebrew implementations how to make data reading more difficult.