cztomczak
Encrypt and embed static resources (js/css/images) inside phpdesktop executable
We need a way to protect the www/ directory, using php encoder
is an option, but it won't protect other files in the www
directory.
Before we start work on thiss issue we need to implement Chrome
engine (Issue 1) and PHP API calls (Issue 3).
If the www directory is embedded in zip file, we should not extract
it anywhere to the file system, the best way is to extract it to
memory, so that it's really hidden. But doing it this way won't
work with web-server (unless we modify web-server to work with our
virtual in-memory filesystem). In Chrome web-server is not needed,
as there Scheme handler that acts similarly to a web-server.
For keeping www directory in memory we will probably need some kind
of Virtual File System.
To execute PHP scripts that aren't accessible through local file
system we would have to hook up to the PHP API (Issue 3).
The www directory can be encrypted in a zip file using AES encryption,
we could use this simple C++ library:
http://www.lomont.org/Software/Misc/AES/AES.php
We will also need some zip library.
An option for the zip file to reside along with the exe file (
data.zip or data.dat - the zip filename could be customized through
settings.json file).
The best option would be to embed that zip file in exe file as
a resource.
Some tool for automating the process of encrypting zip file and
embedding it in exe file would be useful.
Original issue reported on code.google.com by [email protected] on 2 Feb 2013 at 3:13
When this issue gets implemented, think about embedding settings.json file in
the
exe file as a resource, to protect it from prying eyes.
Original comment by [email protected] on 2 Feb 2013 at 3:26
Chrome engine is not necessary for this issue to get implemented.
Original comment by [email protected] on 2 Feb 2013 at 3:56
To use an in-memory file system in Mongoose web-server you have to
implement "open_file" callback, example here:
https://github.com/valenok/mongoose/blob/ee55d38b5592cbb55b78c74c2c36fc768fc22a0
7/test/unit_test.c#L192
Original comment by [email protected] on 2 Feb 2013 at 5:28
Serving static resources from the in-memory file system using Mongoose
web-server seems easy, but things get complicated for the PHP scripts
executed through PHP API, you would have to implement more callbacks
in the Mongoose for handling request variables, submitting forms and
uploads.
Original comment by [email protected] on 2 Feb 2013 at 5:42
See this topic for an in-memory filesystem with Mongoose:
https://groups.google.com/d/topic/mongoose-users/JhNQFKC_0wI/discussion
Original comment by [email protected] on 2 Feb 2013 at 5:57
See also Issue 90 "Compile javascript to native code".
Original comment by [email protected] on 16 Feb 2014 at 4:25
There is this simple batch command that can embed resources in an exe file:
copy /b phpdesktop.exe+resources.zip phpdesktop.exe
(found in node-webkit examples, haven't tested it yet).
Original comment by [email protected] on 16 Feb 2014 at 4:30
Encrypt the ZIP file with 7-zip before embedding it in an exe. Use for example
AES-256 encryption. For command line examples see:
http://www.cnx-software.com/2011/02/22/aes-256-encryption-and-file-names-encryption-with-7-zip-7z/
Original comment by [email protected] on 16 Feb 2014 at 4:35