Prevent user from tampering with a Chrome Extension's free trial


Problem description

Paid Chrome Extensions that offer free trials must implement a manual check for when the license was issued in order to "expire" the free trial.

The recommended way of doing this is by calling the License API and verifying the response. This happens in the extension's JavaScript code, which can easily be tampered with.

For example, in the code piece linked above, a user could easily inspect the background page and insert a breakpoint right after the if block and run licenseStatus = "FULL", giving them full access to the extension's features.

Is there any way to mitigate this sort of tampering?

Solution

A determined user will always be able to copy your extension, add modifications to it and load it as unpacked.

Code obfuscation, i.e. minification, serves as a deterrent but will not prevent it.

This is always the case for client-side code (supplied with a convenient debugger, no less). The only real solution to this is a server-side component that performs some non-trivial chunk of work and checks the license itself.

As such, it's a bit of an honor system: you can expect most users that are willing to pay in the first place to actually pay, and in theory you have legal tools to go after users that not only break your protection but distribute the modified extension. If that's not enough, and you can't implement the "real" solution above, you should reconsider developing paid extensions.
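The server-side approach described in the answer, sketched as an added example (not code from the original question or answer): the server decides entitlement from a license it fetched itself and runs the paid work, so setting licenseStatus in the extension's debugger changes nothing. The response field names (result, accessLevel, createdTime), the 7-day trial length and the wordFrequency feature are assumptions made for illustration.

```javascript
// Added example: server-side gate for a paid feature (Node.js, no dependencies).
// Assumption: `license` is the JSON the server itself obtained from the License
// API using the user's OAuth token; the field names (result, accessLevel,
// createdTime) are assumed here. The client never supplies a license status.
"use strict";

const TRIAL_DAYS = 7;                        // hypothetical trial length
const DAY_MS = 24 * 60 * 60 * 1000;

// Decide access from the server's own copy of the license and the server clock.
function entitlement(license, nowMs) {
  if (!license || license.result !== true) return "NONE";
  if (license.accessLevel === "FULL") return "FULL";
  if (license.accessLevel !== "FREE_TRIAL") return "NONE";
  const created = Number(license.createdTime);
  if (!Number.isFinite(created) || created > nowMs) return "NONE"; // fail closed
  const ageDays = (nowMs - created) / DAY_MS;
  return ageDays <= TRIAL_DAYS ? "FREE_TRIAL" : "FREE_TRIAL_EXPIRED";
}

// The paid work runs only here; the extension receives the result, not the logic.
// wordFrequency is a hypothetical stand-in for the extension's real feature.
function wordFrequency(text) {
  const counts = {};
  for (const w of text.toLowerCase().match(/[a-z']+/g) || []) {
    counts[w] = (counts[w] || 0) + 1;
  }
  return counts;
}

// Handler body: `request.claimedStatus` is deliberately ignored.
function handleFeatureRequest(request, license, nowMs) {
  const level = entitlement(license, nowMs);
  if (level !== "FULL" && level !== "FREE_TRIAL") {
    return { status: 402, body: { error: "license_required", level } };
  }
  return { status: 200, body: { level, result: wordFrequency(request.text) } };
}

// Constructed sample data: a trial issued 10 days ago, client claiming FULL.
const now = Date.UTC(2024, 0, 20);
const expiredTrial = { result: true, accessLevel: "FREE_TRIAL",
                       createdTime: String(now - 10 * DAY_MS) };
const tampered = { text: "to be or not to be", claimedStatus: "FULL" };
console.log(handleFeatureRequest(tampered, expiredTrial, now));
```
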
