When releasing the WEB through ‘p5’, what are the security problems?
For example, there were no security problems when released in ‘JAVA Mode’ of ‘Processing’.
(When the exe file is released, the source code is transformed. However, in the case of ‘p5’, the source code is shown as it is.)
However, in the case of ‘WEB’, the security is quite weak, and I think there are many ways to solve this part.
source code part
information hacking, etc.
Therefore, in releasing ‘p5 WEB’, how can I increase security stability? If you know of any experience or know-how, please share.
If you just want to hide your code, you could obfuscate/minify it. There are many services and pages that help you with obfuscating. You could also look at the source code of the Google start page to see how it obfuscates the code by embedding all the JavaScript within a string which is decrypted afterwards.
What I’m not sure about is how to deal with sensitive information you don’t want to reveal (such as API keys). In the old days of ICQ messenger, I met a web client that did on-the-fly public key encryption and decryption. But I think that’s no longer safe when you have an “inspection tool” at hand in every browser.
EDIT: If you use cryptojs or similar, please make sure the password is not stored as clear text. You could encrypt a preliminary password with window.location (so you make sure the page is running online), add to it some variable you stored lines before, and pass it to an obfuscated function before it is sent to cryptojs.decrypt. You could even use the pixels array to get part of an image as the password.
Thank you very much for your answers. I found out that there are ways I hadn’t even thought of. I was able to think about security enough.
I have a question. Is there any way to prevent brute force requests like ‘DDOS’? Is it possible within the ‘p5’, not the server computer (not hardware security)?
Usually the p5 is hosted by a web server, at least if you want to provide it to someone.
The attack you speak about shouldn’t be handled by p5 itself, but rather by the web server you use to provide your p5 stuff. Here you can configure behaviours to prevent DDoS … (i.e. limit calls, max parallel requests, etc.)
Nevertheless, if you want to manage the stuff, i.e. on your own Linux server, you need to think at a low level about how the server itself prevents or handles flood requests. There are some strategies you can set up/implement…
P5 can now be integrated with Node.js; you can explore that option. I believe your best bet will be to study PHP because it is quite easy to learn. I started learning PHP in college, and in less than 3 months I could integrate back end and front end and query information in a database.
All the best in your quest.
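
Added example, not part of the thread or of p5 itself: a server-side sketch in JavaScript (for a Node.js back end) of the two points raised above, limiting calls per client on the server and keeping an API key out of the code shipped to the browser. All names (`createLimiter`, `handleApiRequest`, `UPSTREAM_API_KEY`, the request shape) are hypothetical, and the upstream call is left as a comment.

```javascript
// Token bucket per client address; runs on the server, never in the p5 sketch.
function createLimiter({ capacity, refillPerSec, maxClients = 10000 }) {
  const buckets = new Map(); // clientId -> { tokens, last }

  return function allow(clientId, nowMs = Date.now()) {
    let b = buckets.get(clientId);
    if (!b) {
      // Bound memory: a flood of distinct addresses must not grow the map forever.
      if (buckets.size >= maxClients) {
        buckets.delete(buckets.keys().next().value); // evict oldest-inserted entry
      }
      b = { tokens: capacity, last: nowMs };
      buckets.set(clientId, b);
    }
    // Refill in proportion to elapsed time, capped at the bucket size.
    const elapsedSec = Math.max(0, nowMs - b.last) / 1000;
    b.tokens = Math.min(capacity, b.tokens + elapsedSec * refillPerSec);
    b.last = nowMs;
    if (b.tokens < 1) return false;
    b.tokens -= 1;
    return true;
  };
}

// The sketch in the browser calls this endpoint instead of the third-party API.
// `env` stands for the server's environment (e.g. process.env); assumed shape.
function handleApiRequest(req, allow, env, nowMs = Date.now()) {
  if (!allow(req.remoteAddress, nowMs)) {
    return { status: 429, headers: { 'Retry-After': '1' }, body: 'Too Many Requests' };
  }
  if (!env.UPSTREAM_API_KEY) {
    return { status: 500, headers: {}, body: 'server misconfigured' };
  }
  // A real handler would call the upstream service here using env.UPSTREAM_API_KEY
  // and return only the result; the response must never echo the key.
  return { status: 200, headers: {}, body: JSON.stringify({ ok: true, query: req.query }) };
}
```

A limiter like this only covers request floods that reach the application; volumetric traffic still has to be absorbed by the web server, reverse proxy or hosting provider in front of it.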