General Security Concerns

The most basic security concern with WebAssembly modules you saw in the “round-trip” compilation sample early on in the book. Anything that you compile into a wasm file can be disassembled and converted back into wast text format, or even other languages capable of targeting WebAssembly.

This means that you should never believe that anything in your module will remain private. Nor should you ever put anything into the WebAssembly module that could be considered a trade secret. In other words, if you wouldn’t want it exposed to the public, don’t put it in a WebAssembly module. This is essentially the same advice given to people writing client-side JavaScript. We’ve got obfuscation and minimization tools, but if someone wants to reverse engineer your logic, they’ll do it.