Remove From My Forums

Will users be able to see my app code?

Question
0

Sign in to vote

For the application that I deploy will users be able to see my JS, HTML and CSS code? In a normal web browser you can view source but I can't seem to do that with the Metro apps so I just wanted to confirm this was the case.

Will I need to run an obfuscation tool against it to really protect myself?

C#, ASP.NET San Diego, California programmer

Saturday, March 17, 2012 11:39 PM

Answers

1

Sign in to vote
Hi,

Obfuscation is needed if you want to protect your code because end users can see the source code. To see source code, you can run the Metro style application and use Task Manager to "Open file location". Then you'll be able to see all code of this application.

Allen Chen [MSFT]
MSDN Community Support | Feedback to us
Get or Request Code Sample from Microsoft
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
- Edited by Allen Chen - MSFT Monday, March 19, 2012 6:19 AM
- Proposed as answer by Sars C Monday, March 19, 2012 12:29 PM
- Marked as answer by Allen Chen - MSFT Tuesday, March 27, 2012 7:01 AM
Monday, March 19, 2012 6:19 AM
1

Sign in to vote
Obfuscation protects you against one and exactly one thing: someone copy-pasting your code directly into their app and having the benefit of your awesome formatting and comments. It should not be considered a true security measure as it can be prettified and deciphered just like any managed code out there. Any code that is running on the client machine should be considered totally visible to the user of the client machine.

Also worth considering is if you minify your code, the callstacks you get back from the store for crashing apps will contain the minified function names and might not be terribly useful for you.

Cheers,

-Jeff
- Marked as answer by Allen Chen - MSFT Tuesday, March 27, 2012 7:01 AM
Monday, March 19, 2012 5:43 PM
0

Sign in to vote
ive also noticed you can easily view the source of javascript based apps which is a bit of a security risk if your code includes urls to servers which store data and payment processors that type of thing so it would be best to obfuscate and minify your code. it would be great if this could be done automatically by the windows store on app submission for that extra piece of mind and i know microsoft or under no obligation to do anything like that but it would be an added bonus for javascript developers

a quick search on bing for javascript obfuscators and minifiers will bring up a good collection of free services you can use
- Proposed as answer by Jeff SandersMicrosoft employee, Moderator Monday, March 19, 2012 1:07 PM
- Marked as answer by Allen Chen - MSFT Tuesday, March 27, 2012 7:01 AM
Monday, March 19, 2012 1:04 PM
0

Sign in to vote
Obsucation won't help if your web services aren't secure. That's another thing altogether.
- Marked as answer by Allen Chen - MSFT Tuesday, March 27, 2012 7:01 AM
Monday, March 19, 2012 3:07 PM

All replies

1

Sign in to vote
Hi,

Obfuscation is needed if you want to protect your code because end users can see the source code. To see source code, you can run the Metro style application and use Task Manager to "Open file location". Then you'll be able to see all code of this application.

Allen Chen [MSFT]
MSDN Community Support | Feedback to us
Get or Request Code Sample from Microsoft
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
- Edited by Allen Chen - MSFT Monday, March 19, 2012 6:19 AM
- Proposed as answer by Sars C Monday, March 19, 2012 12:29 PM
- Marked as answer by Allen Chen - MSFT Tuesday, March 27, 2012 7:01 AM
Monday, March 19, 2012 6:19 AM
0

Sign in to vote
ive also noticed you can easily view the source of javascript based apps which is a bit of a security risk if your code includes urls to servers which store data and payment processors that type of thing so it would be best to obfuscate and minify your code. it would be great if this could be done automatically by the windows store on app submission for that extra piece of mind and i know microsoft or under no obligation to do anything like that but it would be an added bonus for javascript developers

a quick search on bing for javascript obfuscators and minifiers will bring up a good collection of free services you can use
- Proposed as answer by Jeff SandersMicrosoft employee, Moderator Monday, March 19, 2012 1:07 PM
- Marked as answer by Allen Chen - MSFT Tuesday, March 27, 2012 7:01 AM
Monday, March 19, 2012 1:04 PM
0

Sign in to vote
Obsucation won't help if your web services aren't secure. That's another thing altogether.
- Marked as answer by Allen Chen - MSFT Tuesday, March 27, 2012 7:01 AM
Monday, March 19, 2012 3:07 PM
1

Sign in to vote
Obfuscation protects you against one and exactly one thing: someone copy-pasting your code directly into their app and having the benefit of your awesome formatting and comments. It should not be considered a true security measure as it can be prettified and deciphered just like any managed code out there. Any code that is running on the client machine should be considered totally visible to the user of the client machine.

Also worth considering is if you minify your code, the callstacks you get back from the store for crashing apps will contain the minified function names and might not be terribly useful for you.

Cheers,

-Jeff
- Marked as answer by Allen Chen - MSFT Tuesday, March 27, 2012 7:01 AM
Monday, March 19, 2012 5:43 PM

Answered by:

Will users be able to see my app code?

Question

Answers

All replies