Menu
What's the best way to protect a SPA+REST app built with one of the trending frameworks (backbone, angular, ember, etc.) from being replicated?
In a general environment, anyone can copy all the assets, modify the ajax endpoint and replicate the API (which in basic CRUD cases is easy) to have a fully functional copy of your app. Minification and obfuscation can help, but doesn't completely resolve the problem.
712
A SPA is an app that works inside a browser and does not require page reloading during use. A multiple page application is considered a more classical approach to app development. The multi-page design pattern requires a page reload every time the content changes.
Security Issues As compared to multi-page apps, SPAs are more prone to cross-site scripting attacks. Using XSS, it becomes easy for hackers to introduce client-side scripts into a web app. Also, SPAs are more likely to expose sensitive data to all users.
You can't prevent this from happening. Your front-end is served directly on the client, and can be copied and/or altered. The same goes for the assets.
However, in practice you rarely need to worry about this. In almost all cases, the real business value of a web application lies in the back-end. This is where all the core business logic should go, where your awesome algorithms are, and where your security is applied. And more importantly, this is where all the (valuable) data is stored.
A front-end is just an interface to your application. Do not worry about people 'stealing your awesome front-end code'. Your code is very likely not that special, and there's nothing bad about developers learning from looking at it. A good coder can probably reproduce your functionality without ever having seen your code anyway. And if someone blatantly copies your front-end code and reuses it, they are in violation of your rights as owner. They will not be able to just launch a competing product that runs with YOUR code base under the hood, and get away with it. More importantly, you've already established your product on the market, so you have an advantage that is very hard to beat.
Let go of trying to protect your code. It cannot be done. And neither is it necessary. A lot of companies have made a lot of money off of open-source products. The real value does not (just) lie in the source code, especially not on front-end source code.
Disclaimer: In case this comes across as me not appreciating front-end code: I am a full-time front-end developer and architect.
131
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
