Have you considered using a less-easy-to-read format like asm.js, run a obfuscator over the source, or put your IP into a binary node module?
On Tue, Jun 14, 2016, 3:33 PM Joe Bloggs <beethovian.symph...@outlook.com> wrote: > Hi, > > My employer is looking to shift major development to node.js. Now, before > you point out that this is the v8 mailing list, rest assured this message > is pertinent to this list. > > My employer wants to protect their IP and not have it available as simple > text files. We understand that a binary compilation is still hackable, that > anything that executes on a remote machine can be reverse engineered, but > we just want it to be non-trivial - no one should be able to merely open a > text file and read the source code. > > I want to soundboard my current (extremely rudimentary) thoughts against > you guys. The idea is to create a custom compilation of node and the v8 > engine, where the v8 engine has been modified in the following manner (very > high level, lots of details need to be filled in): > > 1. v8 exposes a function 'ExecuteEncryptedString' which internally > decrypts the string and passes on execution to already available functions. > > 2. There shall be no way for the 'require' syntax to load an encrypted > file. > > 3. Any attempt to use console.log to dump the encrypt string merely dumps > the encrypted string. > > 4. The overall outcome we are looking for is anyone can execute the code > if they have the custom executable, but they can't decrypt it trivially. > They will need to disassemble the executable. > > 5. We want this approach to be forward compatible. That's where we will > need guidance from you guys on how to ensure that, to the extent reasonably > possible, in the future we will be able to simply download the code for a > new version of v8, and run a simple script to add the custom parts and > create the custom executable. Of course, in the face of innovation for > better performance etc. this might break, and that is understandable. We > also understand we may need a separate discussion with the node.js guys. > > I would like to hear your thoughts on this. If you have better ideas on > achieving this, if you see obvious loopholes in the approach, or you just > want to share your thoughts, please feel free to provide constructive > feedback. > > Regards, > > Simon > > -- > -- > v8-users mailing list > v8-users@googlegroups.com > http://groups.google.com/group/v8-users > --- > You received this message because you are subscribed to the Google Groups > "v8-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to v8-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
