Allow source code to run, but not show it - Printable Version +- QB64 Phoenix Edition (https://staging.qb64phoenix.com) +-- Forum: QB64 Rising (https://staging.qb64phoenix.com/forumdisplay.php?fid=1) +--- Forum: QBJS, BAM, and Other BASICs (https://staging.qb64phoenix.com/forumdisplay.php?fid=50) +--- Thread: Allow source code to run, but not show it (/showthread.php?tid=1467) |
Allow source code to run, but not show it - mnrvovrfc - 02-11-2023 https://staging.qb64phoenix.com/showthread.php?tid=1462 This thread has me asking entirely out of ignorance: is there a way in "BAM" or "QBJS" to provide source code and run it, without allowing a different user to see the source code, or allowing that user to see a small portion of it? RE: Allow source code to run, but not show it - CharlieJV - 02-11-2023 That's a great question. BASIC Anywhere Machine is just one HTML file. It is a client-side application meant to work offline, requiring no server. As far as I know, there is no way to hide the content of a client-side HTML file. The usual approach is by somewhat obfuscating the code with a "minifier" tool that makes the code really hard to read. Related reading: https://www.freecodecamp.org/news/javascript-minify-minifying-js-with-a-minifier-or-jsmin/#:~:text=A%20%22minified%22%20version%20of%20the,will%20produce%20the%20same%20results. RE: Allow source code to run, but not show it - CharlieJV - 02-12-2023 (02-11-2023, 11:57 PM)CharlieJV Wrote: That's a great question. Something I haven't looked at much for lack of interest: WASM. That could be an option for creating web applications that do not reveal the source code. EDIT: Actually, BASIC Anywhere Machine is the result of me looking at WASM and thinking "yuck." When I first got interested in QB64, my instant thought: "hey, it transpiles to C++ code before becoming an executable. What if I grabbed that C++, fed that to emscripten, and created WASM? I could have QB64 programs running on the web ! Then I realized that emscripten involved way too much of a learning curve for the amount of benefit. So I did a hard exit stage left and went the TiddlyWiki + wwwBASIC way. RE: Allow source code to run, but not show it - dbox - 02-12-2023 (02-11-2023, 11:43 PM)mnrvovrfc Wrote: https://staging.qb64phoenix.com/showthread.php?tid=1462 For QBJS there are a few ways to do this. You can use the Share feature to create a link to your program. The Auto or Play option will not show the source code. Either of these options will also enable an export feature, which will allow you to download a “compiled” version of your program, which you can share on your website or upload to a sharing site like itch.io. RE: Allow source code to run, but not show it - CharlieJV - 02-12-2023 (02-12-2023, 03:37 PM)dbox Wrote:(02-11-2023, 11:43 PM)mnrvovrfc Wrote: https://staging.qb64phoenix.com/showthread.php?tid=1462 If I've got it right, please correct me if I misunderstood: With QBJS, the result is the BASIC code transpiled to javascript. The BASIC code, which would be really easy to read, no longer exists. What we have is javascript that is minimised. (Well, not really minimised, but still fairly cryptic.) Hard as heck to read, but if you know how to read javascript, css, and html, then you can see exactly what the program is doing, even reverse engineer the BASIC program. That would be a huge pain in the caboose, but it is just to point out what I think is accurate (based on my understanding): there is no hiding the original code for a client-side web application. It can only be obfuscated. But as far as obfuscating the original BASIC code goes, QBJS converting it to javascript and minimising that javascript is really good standard web obfuscation. BASIC Anywhere Machine makes no attempt at all to obfuscate anything. Here's a QBJS "Hello World" program (the BASIC source below that). Not much fun to read, so nicely obfuscated: Code: (Select All) async function __qbjs_run() { The QBJS BASIC code that generated the javascript above: Code: (Select All) for i = 1 to 10 RE: Allow source code to run, but not show it - dbox - 02-12-2023 So, it is correct that QBJS compiles the BASIC code to Javascript. I haven’t really made any effort at this point to obfuscate or minimize the generated JS. (I was actually trying to make it fairly readable for easier troubleshooting, ha!). However, there are many very good libraries for Javascript obfuscation. I could certainly incorporate that into the Export functionality if there was enough interest. RE: Allow source code to run, but not show it - CharlieJV - 02-12-2023 (02-12-2023, 04:42 PM)dbox Wrote: So, it is correct that QBJS compiles the BASIC code to Javascript. I haven’t really made any effort at this point to obfuscate or minimize the generated JS. (I was actually trying to make it fairly readable for easier troubleshooting, ha!). However, there are many very good libraries for Javascript obfuscation. I could certainly incorporate that into the Export functionality if there was enough interest. I think that would be an awesome (super-convenient) option. I can imagine scenarios in which we want the javascript easy to read, and scenarios in which we want to minimise the code (for compacting big programs or for obfuscating, or for both goals.) |