Forum Discussion
Protecting Sensitive Data inside Storyline
You can minimize your JavaScript, and you can obfuscate it, but since it runs on the client you can't really do more than make it inconvenient for a user to view it. Most of whatever you might do can be undone well enough to piece it back together if someone is determined. If you were to place your sensitive information into a server-side script (like PHP) that remains hidden from the client, then that would provide protection but any JavaScript will be exposed.
What do you mean by minimizing the Javascript?
I do understand, I did think that might be the case that its always gonna be able to be seen.
I need to figure out how to hide API keys though.
- Nathan_Hilliard2 months agoCommunity Member
Minimizing compacts he code (runs everthing together, saving space and making it hard to read). Obsfucating makes it extra hard to read. See this for additional detail.
If you don't want someone to gain access to your keys, passwords, or whatever, they should not go into your JavaScript. Even if you try to mask it, if someone realizes the information is there (for example, by poking around your files or looking at the browser inspector), then it is not difficult to gain full access to that data.
- Nathan_Hilliard2 months agoCommunity Member
As for your API keys: Not sure what you're doing but often data or files that will be processed by some service that requires a key get uploaded to a server, which then re-uploads them to the outside service using your (then inaccessible) keys. The processed files or data are then returned to the client browser (as a downloadable link, or directly transferred as data).