Skip to main content
Known Participant
December 16, 2015
Question

Organizing and packaging HTML5 extension

  • December 16, 2015
  • 1 reply
  • 941 views

I am working on building an HTML5 extension for InDesign CC 2015. I bundle the extension with Extension Builder 3 into a zxp file; which upon installing unpacks to HTML pages and js and css files into the install location on my Mac (/Library/Application Support/Adobe/CEP/extensions/MyExtension). My concern is, this way, my extension can be easily modified or reverse-engineered. How do I encrypt my extension before sending it to the customers so that my code is not wide open in front of them?

This topic has been closed for replies.

1 reply

Rob Hecker2
Legend
December 17, 2015

It depends on what languages you built your extension with. There are three methods:

1. encryption. The file disencrypts on the fly when used, but the contents can't be viewed in a readable way.

2. Calling home. The code must ping your server for authentication. Your server may contain critical code or variables.

2. Write the extension in a language that can be compiled.

Swati999Author
Known Participant
December 22, 2015

Hi Rob,

Thanks for the reply. We have an API layer in between which hides my database and performs the authentication on every operation. So, I am using "calling home" approach. But my extension, which is written in HTML5 (most of the business logic is in JavaScript and presentation is in HTML and CSS), still exposes some coding secrets (like admin username and password are in the extension code for performing the authenticate-user operation plus I want to hide how I have coded certain things). Can you please elaborate the other two options you mentioned - file decryption on the fly (how can I do that and which language) and writing extension in a language that can be compiled (I can not use actionscript as CC 2015 applications do not support Flex/Flash extensions anymore so which other languages are my options)?

Rob Hecker2
Legend
December 22, 2015

ZendGuard is one of many products that will encrypt PHP code (option 1). Java is a compiled language (option 3) but I don't know what you would need to do to keep it from being reverse-engineered.

Of course if the javascript/html contains the information you wish to hide, you are out of luck. You would have to rethink your whole approach.

I do not use any of the methods I mentioned. My back end PHP code is hosted on my server where no one else has access to it.