简体繁体 English

安全的adobe air html / javascript代码

[英]secure adobe air html/javascript code

原文 2013-07-26 12:30:21 8 1 javascript/ html/ security/ air

I would like to develop desktop application with adobe air. 我想用adobe air开发桌面应用程序。 but I am worried about html/javascript source code security. 但我担心html / javascript源代码的安全性。

Application has paid media content and I would not like to expose urls. 应用程序已支付媒体内容，我不想公开网址。

How can I secure source code? 我如何保护源代码？

1 个解决方案

I don't feel like anyone will be able to answer your question, because what you are asking for is not good practice. 我不觉得任何人都能回答你的问题，因为你所要求的并不是好的做法。 What you are trying to do is basically security through obscurity . 你要做的是基本上通过默默无闻的安全 。 You are hoping you will be more clever than any malicious users who download your app, and none of them will be able to figure out where you hide the stuff that is executing on their computers. 您希望自己比下载应用程序的任何恶意用户更聪明，并且他们都不会知道您隐藏在其计算机上执行的内容的位置。

The United States National Institute of Standards and Technology (NIST) specifically recommends against security through obscurity in more than one document. 美国国家标准与技术研究院（NIST）特别建议在一份以上的文件中通过默默无闻来反对安全。 Quoting from one, "System security should not depend on the secrecy of the implementation or its components." 引用一句话，“系统安全不应该依赖于实现或其组件的保密性。” -source -资源

No matter what measures you take to obscure a URL, if the site is going to be visited on a computer where the user has physical access, it will be vulnerable. 无论您采取什么措施来掩盖URL，如果要在用户具有物理访问权限的计算机上访问该站点，它将是易受攻击的。

Depending on what language your server software is written in, you can implement something like user accounts/roles . 根据您的服务器软件所使用的语言，您可以实现用户帐户/角色之类的功能。 If you have a question about how to do that, you should give it a fair shot, and post another question if you come up with one. 如果你有一个关于如何做到这一点的问题，你应该给它一个公平的镜头，如果你拿出一个问题就发布另一个问题。