Menu
People have been saying so many good words for HTML5, but one of my main concern is how to protect the source code of my game.
essentially..
566
Do HTML5 apps pose any security threats for developers and businesses? The answer unfortunately is yes. Apps built with HTML5 are like any web-based applications. Developers should take proper security measures against cyber attacks to safeguard any stored data and communications.
HTML5 is a markup language of the Internet, which also allows creating visually impressive and smooth-feeling games that can be played on any platform.
HTML5 : An Overview HTML5 uses JavaScript language in which the games are programmed. HTML5 game development helps in delivering APIs for new solutions such as WebGL, Canvas, WebAudio Which are regarded as vital components. These components also facilitate in smooth functioning of games.
"You can't" is the answer to all 3 questions. The only thing you can do is to slow down whoever's interested in your code by ofuscating it, but ultimately, if somebody wants to use your code, there's nothing you can do about it.
148
i personally use Google Closure Compiler with advanced compression to obfuscate my code (download the Java-file, don't use the online-version!). It takes some extra effort to prepare the code but it's all very well docmented and once you understood how the compiler works it's really easy to comply with its rules. It not only obfuscates your code but actually optimizes it for execution speed and file size as well.
to be clear - yes the other guys are right, no ultimate protection... bla bla. BUT: ever tried to make heads or tails of googles JavaScript? I tried and failed. If you use obfuscated class-names and very few strings in your code it will be very hard to read, meaning it might takes months depending on the complexity of your code.
For API-calls things are different. encryption won't work as the decryption code will be visible within the javascript - even with obfuscation that part will be hard to hide as AJAX code always looks a bit alike... Also encryption uses up CPU time which you probably need elsewhere. Deferring is one way but in the end, API-calls will be more or less readable.
42
Obfuscating your javascript code could be one important step. Obfuscation can make the code so complex that no sane person would try to hack it.
I have been using jscrambler.com with good results. That said, obfuscation will not solve every problem. Users will still be able to view all the traffic exchanged between the browser and the server. So they will know how the API works and how to use it.
To avoid this you can use encryption of messages using javascript. This could be helpful in securing the content. I found a post on stackoverflow that discuss encryption using javascript: Javascript AES encryption. There are a few implementations that can be used that have a low performance impact.
Last but not least, all inputs should be thoroughly checked on the server side. All logic that can be implemented on the server side should remain there.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
