保护PhantomJS的脚本免受最终用户的攻击
[英]Protect script for PhantomJS from end-user
问题描述
I need to deploy few copies of PhantomJS alongside with script I made, the problem is end-user shouldn't see content of script or edit it. 
我需要与我制作的脚本一起部署PhantomJS的几个副本,问题是最终用户不应看到脚本的内容或对其进行编辑。 Is there a way? 有办法吗? I know I can obfuscate JavaScript, but it is weak and easy to counter. 我知道我可以混淆JavaScript,但是它很弱并且很容易反驳。
Is there any way to protect script from being read and edited by end-user in PhantomJS? 有什么方法可以防止脚本被最终用户在PhantomJS中读取和编辑? Maybe encrypt it somehow? 也许以某种方式对其进行加密?
1 个解决方案
解决方案1
1 已采纳 2015-02-20 13:32:37
Generally speaking, No . 一般来说, 没有 。
Trying to prevent editing: 尝试防止编辑:
You could make it harder to edit scripts by changing the PhantomJS source code to only accept scripts that you signed. 通过将PhantomJS源代码更改为仅接受您签名的脚本,可以使编辑脚本更加困难。 You will then need to add the public key of your signing key into the same PhantomJS source and the signature into the script. 然后,您需要将签名密钥的公钥添加到相同的PhantomJS源中,并将签名添加到脚本中。
This probably won't accomplish anything, because the user can simply use the official PhantomJS executable which would execute those scripts just as easily. 这可能什么也做不了,因为用户可以简单地使用官方的PhantomJS可执行文件,该可执行文件将同样容易地执行这些脚本。
Encryption: 加密:
You could encrypt your scripts with a symmetric block cipher like AES and put the key into PhantomJS (again changing the source). 您可以使用对称分组密码(例如AES)对脚本进行加密,然后将密钥放入PhantomJS中(再次更改源代码)。 If you combine it with the above approach you can make sure that the script "cannot be read" and it cannot be edited without you detecting the change. 如果将其与上述方法结合使用,则可以确保脚本“无法读取”,并且在未检测到更改的情况下无法对其进行编辑。
But everything can be reverse engineered, so the key can be extracted from the executable. 但是,所有内容都可以进行反向工程,因此可以从可执行文件中提取密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.