Closed MatthewMcCarthy7 closed 5 years ago
Downloading the symbols or downloading the actual app source code? If you are talking about the actual source code - and you are working with NAV 2018 - there is no way to prevent it. See #2791
When I publish my App through Powershell for 2018 in CU2 and CU6, the download source page action is not enabled, so it's not related to that issue. The issue is that if you do not have the source code, in VS code app.json file you can still put the dependecy to the extension and download the symbols without having the actual source code. This could allow someone to write an extension based on your extension to change data that you do not want changed. For example, I have a License Setup table and you have to call a function to modify certain fields, which would be modified from an API. If the user can download the symbols they can change that License Setup table by extending the extension and changing the values from the API.
Adding references and being able to have reference symbols is by design . In a local environment like NAv 2018 you own the database and all security associated to it. Isn' t it?
I tried this in BC and was still able to download symbols.
This is currently by design. We have no concept of "sealed extensions". Anyone can extend your schema/code.
However, we are working on a feature for storing secrets per extension and this will be the recommended approach for things like License Key.
If I have an App Installed, how do I prevent the symbols from being download for that app, without having the actual source code? I tried putting Showmycode to false and was still able to download the symbols.