> Distributing source code means clients can easily steal our solution and stop paying licensing fees.
This has been a problem since the beginning of the software industry. The only proven solution is to give enough support to make it worth their paying for. Obfuscating and DRM never fully work. Even shipping binaries is just a form of obfuscation. However, you can usually make money with obfuscation by just counting on most customers being too lazy to hack it. I can buy almost any product, including microsoft products, on a warez site. On Mon, Sep 17, 2012 at 8:25 PM, Matthew de Detrich <mdedetr...@gmail.com>wrote: > Instead of trying to villify the poster (because a few posters here who > are saying that securely boxing applications is useless appear to have > little understanding of how some companies operate, and the fact that even > though its theoretically possible to reverse engineer something, its > practically impossible to reverse engineer an obfuscated C binary to a > usable state as compared to some of the other languages listed), the better > answer is to simply say that this kind of distribution is not possible with > node.js simply because of the language javascript > > Javascript is a fully dynamic language which has things like eval() and > toString(). These things essentially mean that you cannot guarantee, 100% > of the time, that your binary distribution of node.js (if you could do > this) would work. There is code out there for example, which relies on > toString() actually working properly, for the code to work (such as getting > function names). Most static languages do not have these kinds of > properties, and hence it is possible to completely transform the code into > an obfuscated binary > > This is unfortunately the downside of languages like Javascript and Ruby. > The distribution methods are just boxing the application up with a VM that > runs your packed source (and obviously you can obfuscate the source, > something like Google Closure Compiler does) however thats far from > distributing it as a binary. I am pretty sure that someone can create > binary distributions of the node.js applications with a disclaimer that it > may break your code, but there is very little demand for a such a feature > :) > > On Friday, 24 February 2012 02:56:43 UTC+11, Jeremy Rudd wrote: >> >> *What:* Can NodeJS apps be distributed as binary? ie. you compile the >> .js app via V8 into its native binary, and distribute the binary to our >> clients? ... or is minifying the code all you can do? >> >> *Why:* We build serverside applications in NodeJS for clients, that have >> often to be hosted on the client's servers. Distributing source code means >> clients can easily steal our solution and stop paying licensing fees. This >> opens up the possibility of easy reverse-engineering or reuse of our apps >> without our awareness. >> >> *Shamelessly cross posted on*: http://stackoverflow.com/** >> questions/9413123/secure-**distribution-of-nodejs-**applications<http://stackoverflow.com/questions/9413123/secure-distribution-of-nodejs-applications> >> > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to nodejs@googlegroups.com > To unsubscribe from this group, send email to > nodejs+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to nodejs@googlegroups.com To unsubscribe from this group, send email to nodejs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
