You could obfuscate but in the end the client needs the code to run your game in the browser right?
Hmmm, an Idea I got, isnāt there a possibility to go in the build folder itself and modify the nodejs to donāt serve the html frontend anymore ?
Would that mess up the Meteor backend functionality as well ?
From a usability standpoint, it sucks, because itās not really maintainable at every new release, but with a task that runs after the build is complete maybe ?
Iām just throwing ideas here, any input is welcome!
EDIT: Iām saying all this while being completely in the dark on how Meteor serves itās bundled files, but Iāll take a look inside there too.
Maybe this needs more answer first: Meteor does combine the javascript code, it makes it smaller and combines lots of tiny javascript file into a few bigger ones.
Open the chrome console, go to sources and open the big javascript file. There do a search for some of your code, you will find it. You will see that newlines went missing but the rest is quite readable. So yes, you could inspect this code. On the other hand it is totally different from the source files you have. So a simple copy-paste is not enough.
Now: Is Cordova more āsecureā? No, it is not. The raw source files are just in there. Only thing which makes it harder is the protection of the Phone. For example I cannot easily see the code running inside an iOS app. Alternative way to see the files: Check what goes over the wire, since we have hot code push the code travels on the line sometimes. Just wait / force an update and you see the code.
Taken all this into account Cordova might take a bit more effort, thatās all. Only thing which might help is a bit of obfuscation.
The issue you have here is that if your logic is client side you have to accept that such piece of code is on the device itself. The question this leaves is: Is that an issue? And another question is: Can it be done in a different way? If you want the client to execute the code it needs the code.
So stick what needs to be secure on the server. Also when you deploy updates to your software it will make copying hard because the people trying to take your code will lose their investment if you keep improving your product so it becomes less worth it.
And finally: Because itās client side code you can find out who took your code the same way as they took your code if they put it online.
Well, in this case the actual javascript Iām writing for the game itself is the more āvaluableā code there, but that code is needed on the device to run the WEBGL game. The Meteor backend code is going to be just a simple wrapper thatāll take care of player stats and some socializing, nothing fancy.
Anyway, I get it, Iāll have to launch it first and Iāll see as I go about protecting / copyrighting etc.
Thanks for the suggestions!