NodeJS 应用程序的安全分发 [英] Secure distribution of NodeJS applications

问题描述

什么:NodeJS 应用程序可以作为二进制分发吗?IE.你通过 V8 将 .js 应用程序编译成它的原生二进制文件，然后将二进制文件分发给客户端?(如果您可以完全访问 NodeJS 服务器)...或者正在缩小代码，您可以做什么?

What: Can NodeJS apps be distributed as binary? ie. you compile the .js app via V8 into its native binary, and distribute the binary to clients? (if you had total access to the NodeJS server)... or is minifying the code all you can do?

原因:我们在 NodeJS 中为客户端构建服务器端应用程序，这些应用程序通常必须托管在客户端的服务器上.分发源代码意味着客户可以轻松窃取我们的解决方案并停止支付许可费用.这开辟了在我们不知情的情况下轻松逆向工程或重复使用我们的应用程序的可能性.

Why: We build serverside applications in NodeJS for clients, that have often to be hosted on the client's servers. Distributing source code means clients can easily steal our solution and stop paying licensing fees. This opens up the possibility of easy reverse-engineering or reuse of our apps without our awareness.

推荐答案

是的，您可以创建二进制格式.V8 允许您预编译 JavaScript.请注意，这可能会对节点核心所做的假设产生一系列奇怪的副作用.

Yes you can create a binary format. V8 allows you to pre-compile JavaScript. Note that this might have a bunch of weird side-effects on assumptions made by node core.

分发源代码意味着客户可以轻松窃取我们的解决方案并停止支付许可费用.

Distributing source code means clients can easily steal our solution and stop paying licensing fees.

仅仅因为您分发二进制文件并不能保护您免遭盗窃.他们仍然可以窃取二进制代码或反汇编它.这是隐匿的保护，根本就没有保护.

Just because you distribute the binary doesn't protect you againsts theft. They can still steal the binary code or disassemble it. This is protection through obscurity which is no protection at all.

最好为他们提供一个与您的服务器通信的瘦客户端应用程序，并通过不泄露来保证您的服务器代码的安全.

It's better to give them a thin client app that talks to your server and keep your server code secure by not giving it away.

这篇关于NodeJS 应用程序的安全分发的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！