Apps脚本-Web App:可见的源代码/库? [英] Apps Script - Web App: Visible Source Code / Library?

问题描述

如果我将项目发布为公共Web应用程序，则仅接收和响应一些变量...那么完整的源代码以及使用过的库是否对所有用户可见?

If I publish a project as public web app, to receive and response only a few variables... is then the complete source code and maybe the used library visible to all users?

推荐答案

否.发布应用程序和文件共享是两件事.您可以将应用程序脚本"应用发布为有权访问网络应用的任何人，甚至匿名"，但是如果您不与任何人共享文件，则他们将无权访问代码.

No. Publishing the app, and file sharing are two different things. You can publish an Apps Script app as "Anyone, even anonymous" having access to the web app, but if you don't share the file with anyone, they can not have access to the code.

如果您与某人共享了电子表格文件之类的东西，并且他们制作了该电子表格的副本，那么他们将成为该电子表格副本的所有者，并且绑定到该电子表格的所有代码都将随该电子表格一起使用.在这种情况下，您的代码将不安全.

If you shared something like a spreadsheet file with someone, and they made a copy of the spreadsheet, then they become the owner of the copy of the spreadsheet, and all the code bound to the spreadsheet goes with the spreadsheet. In that case, you code would not be secure.

但是，如果它是一个独立的Apps脚本，并且您不与任何人共享 文件 ，那么您仍然可以授予任何人以运行该应用程序的权限已发布的网址.

But, if it's a stand alone Apps Script, and you don't share the file with anyone, you can still give access to anyone to run the app with the published URL.

很多人在电子表格中创建 绑定 的Apps脚本代码，并且可能没有意识到，当他们共享电子表格文件时，无法保护其代码.

Lot's of people create Apps Script code bound to a spreadsheet, and may not realize that when they share the spreadsheet file, there is no way to secure their code.

一个独立的应用程序不受任何约束.那是区别. HTML中的任何JavaScript代码当然都是向世界公开的.唯一无法查看的代码是独立应用程序中的服务器端.gs代码.

A stand alone app is not bound to anything. That's the difference. Any JavaScript code in the HTML, of course, is open to the world. The only code that can NOT be viewed is the server side .gs code, in a stand alone app.

除非您的函数名称是私有的，否则任何有专门知识的人都可以获取您所有不是私有的函数的名称.但是，仅仅因为它们具有函数的名称，并不意味着它们可以得到代码. (我知道).但是，有人可以在浏览器中修改HTML，并且如果他们具有该函数的名称，则可能使用google.script.run运行较低级别的函数.

Unless your function names are private, someone who knows how, can get the names of all your functions, that are not private. But just because they have the name of a function, doesn't mean that they can get what the code is. (That I know of). But, someone could modify the HTML in the browser, and probably run a lower level function with google.script.run if they had the name of the function.

如果您将某人的项目密钥提供给某人，以用作其拥有的文件中的库，则当他们将新库放入库中时，他们会收到一封电子邮件，其中包含指向库的链接，供他们查看.因此，问题在于，他们是否知道该库的URL.如果他们从不知道库的URL，则无法查看. (除非他们以某种方式猜出了URL是什么，否则很幸运).但是，对于独立的应用脚本来说，该脚本归您所有，并且不与任何人共享，因此无需给出要添加为库的项目密钥.

If you gave someone the Project Key, to use as a library in a file they owned, as soon as they put the new library in, they get an email with a link to the Library, which they can view. So, the issue is, whether they know the URL of the library or not. If they never know the URL of the library, they can't view it. (Unless they somehow guessed at what the URL was, and got lucky). But in the case of a Stand Alone Apps Script, that is a owned by you, and not shared with anyone, there is no need to give out the Project Key to be added as a library.

这篇关于Apps脚本-Web App:可见的源代码/库?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！