We are planing a new product with angular 5 and node.js . The product will run locally at the customer environment .
our problem is the following : how to protect our code from being stolen by any of the customers ? in dotnet i can seal all the source code into an encrypted dll or something like that . what can be done in angular 5 ?
Thank you .
our problem is the following : how to protect our code from being stolen by any of the customers ?
Stealing is illegal. The easiest solution would therefore be to not do business with criminals.
in dotnet i can seal all the source code into an encrypted dll or something like that .
That doesn't work.
In order for your clients to run the code, your client's CPU needs to understand the code. CPUs are much, much dumber than humans, so if the CPU can understand the code, then a human can, too. If you encrypt the code, you need to decrypt it, otherwise the CPU won't understand it.
Since the launcher needs to be able to encrypt the code, the decryption key must be part of the launcher, IOW, the encryption key must be stored on the client's computer: ergo, the client has the encryption key. If you transmit the encryption key over the network, you still need to do that over the client's network: since the client owns the network, they can intercept any traffic and thus intercept the key. Even if you make all this safe: the decrypted code is still inside the RAM of the client's computer, a computer that the client has full administrative access to.
This is your main problem:
The product will run locally at the customer environment .
That just doesn't work. If you don't want your clients to have the code, then just don't give them the code. Host the code locally and only give the client remote access through a narrow, secure, well-defined interface. This is the "Google approach".
If there is really no other choice, you can give the client a computer that your code is installed on, and that the client has no access to. Note, however, that unless you fully control every single component of that system (CPU, RAM, motherboard, firmware, all busses and extension ports, the case, the network connections, etc.), it is generally still possible to get access somehow. This is the "game console approach".
what can be done in angular 5 ?
There are a couple of standard approaches to this problem. It depends on exactly why your clients are stealing your product.
If they feel that the quality doesn't justify the price, raise the quality or lower the price. Also, try to find out why they feel the quality doesn't justify the price. Maybe there is a problem with the documentation, and the clients don't even know how awesome your product really is?
If they just can't afford it, lower the price or enter a different market. (Also, take a big step back and ask your marketing department why the heck they are selling the product in a market at a price that the market cannot afford. A typical example are companies selling products to students at a price that is equivalent to several years living expenses.)
Offer services beyond just simply selling the application; your clients will then pay for those services.
Make the product so good that your clients want to reward you and don't even think about stealing. (And no, this is not wishful thinking; Audio Damage is a company that successfully does this: in a highly competitive market, where complex copy protection and licensing schemes, high prices and low quality, and rampant piracy are common, they successfully sell their products at a lower price and higher quality with zero copy protection, and a no-questions-asked 30-days cash back guarantee.)
The only thing you can do is to add an another uglify layer protection like strings encryption. Consider the risk where some browsers will not be able to read the uglified source code.
