NodeJS应用程序的安全分发 [英] Secure distribution of NodeJS applications

问题描述

什么：可以将NodeJS应用程序分发为二进制文件吗？即。您通过V8将.js应用程序编译成其本机二进制文件，并将二进制文件分发给客户端？ （如果您完全访问了NodeJS服务器）...或正在缩小代码，您可以做什么？

What: Can NodeJS apps be distributed as binary? ie. you compile the .js app via V8 into its native binary, and distribute the binary to clients? (if you had total access to the NodeJS server)... or is minifying the code all you can do?

为什么：我们构建NodeJS中用于客户端的服务器端应用程序，这些应用程序通常被托管在客户端的服务器上。分发源代码意味着客户可以轻松窃取我们的解决方案，并停止支付许可费用。这样就可以轻松地进行逆向工程或重新使用我们的应用程序，而不需要我们的意识。

Why: We build serverside applications in NodeJS for clients, that have often to be hosted on the client's servers. Distributing source code means clients can easily steal our solution and stop paying licensing fees. This opens up the possibility of easy reverse-engineering or reuse of our apps without our awareness.

推荐答案

是的，你可以创建一个二进制格式。 V8允许您预编译JavaScript。请注意，这可能会对节点核心的假设产生一些奇怪的副作用。

Yes you can create a binary format. V8 allows you to pre-compile JavaScript. Note that this might have a bunch of weird side-effects on assumptions made by node core.

分发源代码意味着客户端可以轻松窃取我们的解决方案并停止支付许可费用。

Distributing source code means clients can easily steal our solution and stop paying licensing fees.

只是因为您分发二进制文件不能保护您免受盗用。他们仍然可以窃取二进制代码或拆卸它。这是通过晦涩的保护，根本没有保护。

Just because you distribute the binary doesn't protect you againsts theft. They can still steal the binary code or disassemble it. This is protection through obscurity which is no protection at all.

最好给他们一个瘦客户端应用程序，与您的服务器通信，并保持您的服务器代码安全，不给它走了。

It's better to give them a thin client app that talks to your server and keep your server code secure by not giving it away.

这篇关于NodeJS应用程序的安全分发的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！