Maaf saya tidak kesengajaan saya. T.ksh Pada tanggal 27 Jun 2016 18.05, "Yang Guo" <yang...@chromium.org> menulis:
> Is there any way for an user run code on the node.js instance at all? I'm > asking since node.js runs on the server, so the source is usually not > accessible from outside. > > > On Tuesday, June 14, 2016 at 3:33:35 PM UTC+2, Joe Bloggs wrote: >> >> Hi, >> >> My employer is looking to shift major development to node.js. Now, before >> you point out that this is the v8 mailing list, rest assured this message >> is pertinent to this list. >> >> My employer wants to protect their IP and not have it available as simple >> text files. We understand that a binary compilation is still hackable, that >> anything that executes on a remote machine can be reverse engineered, but >> we just want it to be non-trivial - no one should be able to merely open a >> text file and read the source code. >> >> I want to soundboard my current (extremely rudimentary) thoughts against >> you guys. The idea is to create a custom compilation of node and the v8 >> engine, where the v8 engine has been modified in the following manner (very >> high level, lots of details need to be filled in): >> >> 1. v8 exposes a function 'ExecuteEncryptedString' which internally >> decrypts the string and passes on execution to already available functions. >> >> 2. There shall be no way for the 'require' syntax to load an encrypted >> file. >> >> 3. Any attempt to use console.log to dump the encrypt string merely dumps >> the encrypted string. >> >> 4. The overall outcome we are looking for is anyone can execute the code >> if they have the custom executable, but they can't decrypt it trivially. >> They will need to disassemble the executable. >> >> 5. We want this approach to be forward compatible. That's where we will >> need guidance from you guys on how to ensure that, to the extent reasonably >> possible, in the future we will be able to simply download the code for a >> new version of v8, and run a simple script to add the custom parts and >> create the custom executable. Of course, in the face of innovation for >> better performance etc. this might break, and that is understandable. We >> also understand we may need a separate discussion with the node.js guys. >> >> I would like to hear your thoughts on this. If you have better ideas on >> achieving this, if you see obvious loopholes in the approach, or you just >> want to share your thoughts, please feel free to provide constructive >> feedback. >> >> Regards, >> >> Simon >> >> -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to v8-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
