How can I protect client-side code and JSON files?

api
json
nosql

#1

I am not at all an experienced coder. I like to program and have done some basic things in VB.

I have an idea for a business server-less web/mobile app with a NoSQL DB. I am thinking to go with AWS Lambda and DynamoDB. I think of using AWS for all the security, authentication and other tools built in, but still not 100% sure.

Like I said before, I am not an experienced coder, but I would like for my app to be able to do some things offline. This means I need a frontend to run some code and store some JSON files on the client computers.

I am worried that if I use JavaScript in the browser, anyone can steal my code and/or the JSON files. My code won't be rocket science, but still, I don't want anyone to copy them so easily. Also, if I am going to send code and files up and down from my backend to frontend, I would like to have some level of encryption in my files.

All your courses look to be very interesting and I do not plan to learn all this in one simple course. However, can you tell me if some or any of these topics will be covered in your courses and, if so, which ones? Also, can you guide me on what path you believe I could follow to achieve my learning objectives?


#2

How does localStorage work? Is this part of the solution to offline access to data? Is there a way to make data inaccessible without authentication when accessed offline, client-side? I don’t know, which is why I ask. Maybe this is your question, too.

How can we secure data and code once it reaches the client, and is offline so it cannot send distress calls home? We are powerless to stop the user from disseminating the data or the code; if they have the wherewithal to extract, enumerate, evaluate, execute, etc. the assets, then they’re going to do it.

First step that comes to my mind (not an expert, or nax for short) is to limit the value of the data. Nothing personal, ever. That means no information of an individual that can be used on social media or in a deep query would ever be allowed in this data stream. Weather, science, markets, sports, etc. are all safe data streams. Just not personal information, of any form.

Limiting the value of the data limits the threat of abuse or intrusion simply because it is not interesting enough. If you don’t want wolves at your door, stow the garbage well away from your abode and clean up after your barbecue. Leave valueless scent trails with your data and they are less likely to go after your code.

As far as code is concerned, I can offer no advice. A person with full access to the hardware who possesses the knowledge to locate and disseminate your code would have full knowledge of how you analyze otherwise valueless data. Whoo-hoo, they just got a lesson in programming. Code, valued by what it could do. Again, no breakthroughs, here.

Secure your data at the front line. If there is risk, then nothing offline. It’s how Apple got so rich.
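
One way to keep JSON stored in `localStorage` unreadable until a passphrase is supplied, as an added example that is not part of either post: the record is encrypted with AES-GCM under a key derived from the passphrase with PBKDF2, using the Web Crypto API. The function names, the record layout and the iteration count are assumptions made for illustration.

```javascript
// Added example, not code from the thread. sealJson/openJson, the record
// fields and the default iteration count are hypothetical choices.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for older Node
const enc = new TextEncoder();
const dec = new TextDecoder();
const toB64 = (buf) =>
  btoa(Array.from(new Uint8Array(buf), (b) => String.fromCharCode(b)).join(""));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Derive a non-extractable AES-256-GCM key; the salt is stored, the key never is.
async function deriveKey(passphrase, salt, iterations) {
  const material = await webcrypto.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return webcrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt a JSON-serialisable value and write it to a Storage-like object
// (window.localStorage in a browser).
async function sealJson(storage, name, value, passphrase, iterations = 600000) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh for every write
  const key = await deriveKey(passphrase, salt, iterations);
  const ct = await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(JSON.stringify(value)));
  storage.setItem(name, JSON.stringify(
    { v: 1, iterations, salt: toB64(salt), iv: toB64(iv), ct: toB64(ct) }));
}

// Returns the decrypted value, or null when nothing is stored, the passphrase
// is wrong, or the stored record was altered (the GCM tag check fails).
async function openJson(storage, name, passphrase) {
  const raw = storage.getItem(name);
  if (raw === null) return null;
  try {
    const rec = JSON.parse(raw);
    const key = await deriveKey(passphrase, fromB64(rec.salt), rec.iterations);
    const pt = await webcrypto.subtle.decrypt(
      { name: "AES-GCM", iv: fromB64(rec.iv) }, key, fromB64(rec.ct));
    return JSON.parse(dec.decode(pt));
  } catch {
    return null;
  }
}
```

This keeps the stored file opaque to anyone who lacks the passphrase; a user who has unlocked it holds the plaintext in their own browser, which is the limit the reply above describes.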