Security issue about uploading

Ok so you are worried about security but you’re using WordPress so there’s that and you now want to try and secure JS files. There is no real good answer. You can obfuscate but that can be cracked. You can create encryption but better off changing platforms.

What are you trying to protect? Your code? Your customer data? Transactions?

GLTF files are fully exposed to the end user so there would be no benefit to moving them off any platform. The only security you can have for a model is not create one you dont want to give away for free. Its like an image…once its out there…its there for anyone to copy and use as they want. You can add a copyright to it…or if the content is copyrighted then you have some protection but other than that…nothing you can do to project the models.

Hi,
Unfortunately, any advice I could give you would probably be incorrect without knowing the complete server structure and security measures that are in place. All I can offer is a sanity check.

If you are in control of the market place and the vendors are your customers then you are the one in control of what they can and can not do. If you business model is such that you allow code to be uploaded by the vendors to your server then your platform should be built in such away to securely keep vendors files isolated from the main server code as well as any code of other vendors. Needless to say allowing vendors to upload anything leaves any service extremely vulnerable to all sorts of hacks and attacks.

A typical market place implementation would allow models to be uploaded and permitted html, and css in specific block definitions and anything else would be deleted and in folders setup where execution could not take place. More importantly, it wouldn’t allow uploads of any unauthorized file type.

I would strongly suggest hiring a security hardening firm that specializes in this sort of thing.