• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Organizing and packaging HTML5 extension

Explorer ,
Dec 16, 2015 Dec 16, 2015

Copy link to clipboard

Copied

I am working on building an HTML5 extension for InDesign CC 2015. I bundle the extension with Extension Builder 3 into a zxp file; which upon installing unpacks to HTML pages and js and css files into the install location on my Mac (/Library/Application Support/Adobe/CEP/extensions/MyExtension). My concern is, this way, my extension can be easily modified or reverse-engineered. How do I encrypt my extension before sending it to the customers so that my code is not wide open in front of them?

Views

764

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guru ,
Dec 17, 2015 Dec 17, 2015

Copy link to clipboard

Copied

It depends on what languages you built your extension with. There are three methods:

1. encryption. The file disencrypts on the fly when used, but the contents can't be viewed in a readable way.

2. Calling home. The code must ping your server for authentication. Your server may contain critical code or variables.

2. Write the extension in a language that can be compiled.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Dec 22, 2015 Dec 22, 2015

Copy link to clipboard

Copied

Hi Rob,

Thanks for the reply. We have an API layer in between which hides my database and performs the authentication on every operation. So, I am using "calling home" approach. But my extension, which is written in HTML5 (most of the business logic is in JavaScript and presentation is in HTML and CSS), still exposes some coding secrets (like admin username and password are in the extension code for performing the authenticate-user operation plus I want to hide how I have coded certain things). Can you please elaborate the other two options you mentioned - file decryption on the fly (how can I do that and which language) and writing extension in a language that can be compiled (I can not use actionscript as CC 2015 applications do not support Flex/Flash extensions anymore so which other languages are my options)?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guru ,
Dec 22, 2015 Dec 22, 2015

Copy link to clipboard

Copied

ZendGuard is one of many products that will encrypt PHP code (option 1). Java is a compiled language (option 3) but I don't know what you would need to do to keep it from being reverse-engineered.

Of course if the javascript/html contains the information you wish to hide, you are out of luck. You would have to rethink your whole approach.

I do not use any of the methods I mentioned. My back end PHP code is hosted on my server where no one else has access to it.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Dec 23, 2015 Dec 23, 2015

Copy link to clipboard

Copied

Okay. I will look into encrypting tools. But again, I want to encrypt HTML / JS / CSS pages, not sure if there are many options out there.

As far as I know, Java is not an option for writing extension for InDesign CC 2015. I have written an extension targeting InDesign CC 2014 and earlier versions in actionscript but InDesign CC 2015 does not support Flash / Flex extensions anymore so HTML5 is the only option. In fact, I am porting the same extension so that it is supported by InDesign CC 2015. Ref.: https://github.com/Adobe-CEP/CEP-Resources

My problem is, I could not find a reliable way to encrypt my extension code.

My API layer is coded in Java and hidden from outside world.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guru ,
Dec 23, 2015 Dec 23, 2015

Copy link to clipboard

Copied

I want to encrypt HTML / JS / CSS pages

I guess this wasn't clear before. Do you mean HTML, JS and CSS that is intended to be rendered by a browser? That would of course be impossible. I thought you were talking about the code that creates the HTML, JS and CSS.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Dec 23, 2015 Dec 23, 2015

Copy link to clipboard

Copied

LATEST

No, the pages are not intended to be rendered in a browser. I am writing extension for InDesign and it will be rendered within InDesign application. Anyhoo.. I guess I will keep looking. Thanks for the replies.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines