Is there a way to not allow the user to publicly download the 3d model and texture files that i'm showing?

Hello atylerrice,

I am glad you are asking this question, because it is certainly the up most important security question pertinent to ALL webGL (THREE.js) applications.

From what I have seen thus far almost nobody (standards, libs, frameworks) provides a solution to such problematic, because it is a complex issue that span into another category of expertise rarely found in the domain of computer graphics and which is (most of the time) done last in computer development: Security.

There is certainly multiple aproach that would solve the problem temporarely, but to do it right once and for all, it takes a strong fundation that affects everything from the ground up: processes, code, UIs, scripts, object files… You wish to protect the 3d models, but you may also want to protect your scripts, so hackers would not be able to clone your site easily or find an exploit to take control, or bypass game logic, etc…

The only long term approach to resolve this problem is to apply a series of web security best practices :

  • multiple encryption levels
  • server side token verification
  • multiple proprietary/private steps

Note: there is a tradeoff between performance & security strength when applying multiple steps specific to each case scenario.

Yes, this solution takes a lot of man hours and another kind of expertise in order to do it right. Plus, every security solution is not 100% bulletproof neither, but the time spend to crack such approach would be so large that it makes no sense to apply energy cracking it.

If you need a solution right away and don’t want to spent time in security dev., I know one company providing such security service via a middleware: http://multivers3D.fr

Hope this info will help you move further. I know, it may not be the answer you were expecting, yet again, it is a complex problem touching everyone, thank you for asking!