This is an enterprise application given in the form of an installer. We are not doing SaaS.
________________________________ From: v8-users@googlegroups.com <v8-users@googlegroups.com> on behalf of Yang Guo <yang...@chromium.org> Sent: Monday, 27 June 2016 11:05:20 AM To: v8-users Cc: beethovian.symph...@outlook.com Subject: [v8-users] Re: Protecting IP Is there any way for an user run code on the node.js instance at all? I'm asking since node.js runs on the server, so the source is usually not accessible from outside. On Tuesday, June 14, 2016 at 3:33:35 PM UTC+2, Joe Bloggs wrote: Hi, My employer is looking to shift major development to node.js. Now, before you point out that this is the v8 mailing list, rest assured this message is pertinent to this list. My employer wants to protect their IP and not have it available as simple text files. We understand that a binary compilation is still hackable, that anything that executes on a remote machine can be reverse engineered, but we just want it to be non-trivial - no one should be able to merely open a text file and read the source code. I want to soundboard my current (extremely rudimentary) thoughts against you guys. The idea is to create a custom compilation of node and the v8 engine, where the v8 engine has been modified in the following manner (very high level, lots of details need to be filled in): 1. v8 exposes a function 'ExecuteEncryptedString' which internally decrypts the string and passes on execution to already available functions. 2. There shall be no way for the 'require' syntax to load an encrypted file. 3. Any attempt to use console.log to dump the encrypt string merely dumps the encrypted string. 4. The overall outcome we are looking for is anyone can execute the code if they have the custom executable, but they can't decrypt it trivially. They will need to disassemble the executable. 5. We want this approach to be forward compatible. That's where we will need guidance from you guys on how to ensure that, to the extent reasonably possible, in the future we will be able to simply download the code for a new version of v8, and run a simple script to add the custom parts and create the custom executable. Of course, in the face of innovation for better performance etc. this might break, and that is understandable. We also understand we may need a separate discussion with the node.js guys. I would like to hear your thoughts on this. If you have better ideas on achieving this, if you see obvious loopholes in the approach, or you just want to share your thoughts, please feel free to provide constructive feedback. Regards, Simon -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com<mailto:v8-users+unsubscr...@googlegroups.com>. For more options, visit https://groups.google.com/d/optout. -- -- v8-users mailing list v8-users@googlegroups.com http://groups.google.com/group/v8-users --- You received this message because you are subscribed to the Google Groups "v8-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to v8-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
