cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X

How to avoid Thingworx custom javascript sql code of one machine being exposed in another machine

Go to solution
Siddharth_Jhs
14-Alexandrite
14-Alexandrite
‎Mar 23, 2023 03:13 AM
‎Mar 23, 2023 03:13 AM

How to avoid Thingworx custom javascript sql code of one machine being exposed in another machine

Hi Team,

We have a requirement to encrypt our custom code and then deploy it in another machine for security purpose. For this I built an extension using java eclipse code as mentioned in following link :

https://support.ptc.com/help/thingworx/platform/r9/en/index.html#page/ThingWorx/Help/Best_Practices_for_Developing_Applications/EclipsePluginCreatingAnExtensionProject.html#

 

But when I imported my custom extension, I can still see my custom code in another machine. Please guide me to avoid such scenario. Attaching you screenshot of Sample Project I created for testing.

Steps followed: 

1) Created Sample Project in machine 1 and exported zip file of source control entities.

2) Eclipse--> New ---> Thingworx Extension Project

3) Created New Folder under Project with name as Entities and pasted all folders of Source Control entities in this folder Entities

4) executed ant-build command to build extension project.

5) Go to directory where built file is created and import it in machine 2 

D:\Thingworx_Development\Sample_Project_Ext\build\distributions\Sample_Project_Ext.zip

 

 

Regards,

Sid

Labels:
Preview file
29 KB
Preview file
219 KB
Preview file
29 KB
0 Kudos
Notify Moderator
ACCEPTED SOLUTION

Accepted Solutions
TravisPickett
12-Amethyst
12-Amethyst
(To:Siddharth_Jhs)
‎Mar 30, 2023 09:53 AM
‎Mar 30, 2023 09:53 AM

Hello,

 

The only way I know how to hide the code from within composer is to create everything as java based entity in an extension as mentioned.

 

I however strongly recommend against this approach. If you do go forward with the extension make sure it is fully thought out and validated.  We have seen where these types of solutions are harder to maintain, debug, and can have longer development times.  Every change to your solution will also require a platform restart to have the latest changes deployed.

 

You may be able to take a different approach and remove all users from the composer user group.  Then assign only the Administrator to this group,  This will prevent all but specific users from accessing the /composer url.  This would hide the javascript code and ability to export entities to "authorized" users.  If you go with this approach make sure to spend extra time initially validating the solution and permissions as this group is used to provide some OOTB permissions that will need to be re-granted.

 

Thanks,

 

Travis

View solution in original post

Notify Moderator
2 REPLIES 2
Velkumar
19-Tanzanite
19-Tanzanite
(To:Siddharth_Jhs)
‎Mar 24, 2023 01:35 AM
‎Mar 24, 2023 01:35 AM

Hi @Siddharth_Jhs 

 

I just created a Thingworx extension

 

I'm not able to see the code of entities that I created in eclipse 

 

C2.PNG

 

C1.PNG

 

But I'm able to see the code of the entity that I created in Thingworx and exported as an XML file

C3.PNG

 

I think if you want to encrypt/hide the code, you have to recreate all entities in eclipse 

 

/ VR

Notify Moderator
TravisPickett
12-Amethyst
12-Amethyst
(To:Siddharth_Jhs)
‎Mar 30, 2023 09:53 AM
‎Mar 30, 2023 09:53 AM

Hello,

 

The only way I know how to hide the code from within composer is to create everything as java based entity in an extension as mentioned.

 

I however strongly recommend against this approach. If you do go forward with the extension make sure it is fully thought out and validated.  We have seen where these types of solutions are harder to maintain, debug, and can have longer development times.  Every change to your solution will also require a platform restart to have the latest changes deployed.

 

You may be able to take a different approach and remove all users from the composer user group.  Then assign only the Administrator to this group,  This will prevent all but specific users from accessing the /composer url.  This would hide the javascript code and ability to export entities to "authorized" users.  If you go with this approach make sure to spend extra time initially validating the solution and permissions as this group is used to provide some OOTB permissions that will need to be re-granted.

 

Thanks,

 

Travis

Notify Moderator
Announcements


Contact Community Management
Top Tags