STL file loader - Security

I have a website where I use STL loader. There is any way how somebody can download the STL file??
If there is a way can I put any kind of security.? Please help

Yes, any file that gets to the users browser (so any image you show, any text, any model) can be downloaded and saved on the computer (it’s enough to open developer console :point_right: go to network panel :point_right: select desired model request :point_right: download)

Quick answer - no, not really. The only fool-proof method to secure a 3D model is to display it as an image (that’s how pages like Quixel / SketchFab / CGTrader work.) If users browser receives only a screenshot of rendered model from you - they cannot get the model. If you render the model on their computer in any way - they can save the model.

Long answer - there are SOME workarounds, but they take a lot of math/3d knowledge and time to execute, and won’t really help in the long run.

(1) Digital fingerprinting - if your users have unique IDs, you can calculate a hash value based on the user ID and place it somewhere within the model. For example: take 2 edges of the model, and calculate their length ratio, then rescale one of the edges by the user hash value divided by 1000. The scaling won’t be visible unless you know it is there.
When you find your model online and stolen, download it and calculate the ratio of the two edges and multiply it backwards to receive the user hash value. Based on the hash value you can determine which user downloaded and shared the model. Then take legal action according to the terms and conditions of your app / company (although the light is unlikely to be worth the candle.)

(2) Watermark the model the same way as you would with an image. Take each face of the model, calculate the center of it, render a 3D watermark text on it, extrude it, move a small distance according to the normal vector of the face inwards, and merge the text within model. If your model is used for 3D printing such watermark on every face can be a hell of work to remove, so it can be a good way to secure your model - but the watermarking has to be done on the server-side, not on the user computer.
Nevertheless, if someone is determined enough I think they’ll find a way to remove the watermark, or bypass it. Once again, it’s not 100% secure.

Welcome to front-end development :’)

2 Likes

This topic was already discussed multiple times at the forum e.g.

@fidel62 Please always search for existing topics before creating a new one.

2 Likes