Reason for obfuscating values as Base64 in CEF configuration?

[Wolfizen]

In src/browser/app.cxx / Browser::App::Execute, the configuration values are encoded with Base64 and then decoded on the JS side. Why are they obfuscated in this manner, and not specified directly as plaintext?

The configuration values are important to look at when auditing this software before use, as they are involved in the login process. Having an extra step to manually decode them to inspect them might cause concern.

Apologies for creating a new issue for this, it seems the best way to ask this question in a way that also will provide the answer to anyone else who might have the same question.

[Adamcake]

I created this without the blessing of the game company in question. While I did it with the best of intentions, first-parties and their lawyers may not see it the same way, so I did my best to obfuscate certain phrases which might otherwise show up in search engines or greps. You'll find more of them here and here.

Sorry - it's annoying for me too, but I would hate for thousands of people who are otherwise unable to play their favourite game to lose out because of my own carelessness.

[Wolfizen]

Thank you for your detailed and explanatory answer, and for linking to similar examples.

I understand the reasons you have laid out. The consequences to readability and comprehension of the code are unfortunate, but I can see why you have chosen to design it in this way. After hearing your answer, I think it is best that it is done the way it is.

Thank you for the work you are doing, and I agree that protecting this software and its benefits to this unique group of players is very important, myself included.

I'll close this issue now, hopefully this discussion will be useful to those in the future who want to know why it was done this way.