Hello all, we are begining with Babylon, and we need use the viewer for put in online shop.
The problem is the 3D file .glb in Babylon js Viewer, this file is available for anyone to download reading the source code of html or php, exist some system for can block the download or add more security, any type of hide this? I think is important for the stores or work world, because the competitors can download it and have the work made.
Thank you 
Hello and welcome to our new home!
This is a recurring question! I’m currently working with some folks @W3C to try to find a common ground here for users.
In the meantime (and this is not related to Babylon.js but really to all web development) you do not have a lot of options. You can obviously obfuscate your code but for assets there is almost nothing you can do.
Only thing I can think of would be to tweak the glb a bit to add some random changes that you could take in account in a modified version of our viewer… But it is tricky 
Maybe one day we’ll have an option to encrypt javascript in the browser… but until then, (and yet even then), if you know what to do, you can get the data.
If not directly from the source, then extracted from the javascript
TL:DR; Even if the source was hidden/encrypted/etc, One could still extract (serialize) the mesh from scene.meshes.
Ops, I think this is an very important feature for the future, in this world of all copy… 
Indeed, the best we can do is to make it harder, so as Deltakosh pointed out, obfuscating aswell as renaming files and variables in production.
Why name a file “BMW_318.gltf”
When it could be called “1.gltf”, leaving no clue what the model is.
Also javascript variables,
Why Var BMW = …
Why not Var mesh_a = …
Hopefully some smart people will have a genius idea on how to protect web assets in the future
I’m curious about how Sketchfab protects their data. My feeling is that they make a fork of glb, doing magic in the binary file as Deltakosh says above.
But they show us that’s possible… just probably many tons of hours to achieve the result… and maintain it against crackers.
A way could be to stream your 3D scene as live video, like Steam Link: user have interactions, but not calculations and so 3D data.
That is true, I think i read google(?) was testing this kind of system, however, you need big and expensive servers to handle that kind of rendering for every visitor + the bandwidth use would be huge, combined with latency issues, i don’t see this being game-ready for years to come.
Small simple scenes like a product display, perhaps, yes, that could be a viable solution.
Having some form of asset copy protection would be nice but no technical solution will ever be perfect and ultimately this is a legal (intellectual property / copyright) matter … nothing beats clear “terms of use” and, if needs be, a choicely worded “cease and desist or takedown” letter.
Personally, I think just splitting up assets into more granular chunks (modular sub-meshes, textures, animations etc) then using the Assets Manager to load and assemble (mix and match) the assets in game would make stealing things more trouble than it’s worth for most people. I know it’s a bit more work but I prefer this approach, irrespective of the copying issue.
No matter how you encrypt your code or 3D model files, you can not protect your content, and you probably shouldn’t do that.
As long as the modern GPU is still used to display something on the monitor, you can not stop user to get your content.
Ninja Ripper and many GPU Analysis softwares can directly rip 3D Models from the display card.
Here is an old but great article talking about this topic, by Brandon Jones
Some practical suggestions are:
Split your 3D model files into pieces and do not use the entire formatted file like *.glb or *.gltf. Try to split them into vertex data level, loading encrypt or compressed content from a data base instead of files, for JSON format you can use MongoDB.
Use HTTP software on your back-end server to control the permission.
Uglify your Javascript code or use source-closed Webassembly module to deal your data.
If you don’t care performance losing, do not use any usual image format (jpg, png, dds, crunch…) as texture, try to pass typed array directly to gpu or decompress texture just before drawing.
Pray, the viewers don’t know any ripper software.
Is there any update on this? Are there any out-of-the-box solutions for encrypting or password-protecting 3d models?
I know it’s possible to break them but this is required by 3d model stores: https://help.cgtrader.com/hc/en-us/articles/360015124437-Royalty-Free-License
If I remember correctly @PatrickRyan was researching about this subject, have you found any solutions Patrick?
@carolhmj and @yuripourre this is a tough problem to solve because any time you send something to the browser to be rendered, it can be intercepted. The most I have been able to come up with that does not have any costs in authentication is just to make the content less convenient to steal. Something like using the .babylon format for your assets might be an easy step as its a binary and nothing besides Babylon will open the file directly. Someone could convert the file if they put in the time to understanding the engine and how to read the file, but for the common user it may be enough to dissuade them. However, this is not a way to secure your assets, just to make them more annoying to save and reuse.
Thanks for the reply. I know that, and I agree with you 100%. To be honest it is not something I care but in order to use models from those stores this is required by the license.
When I asked, I was wondering if there something out-of-the-box to load models, like:
BABYLON.SceneLoader.ImportMeshAsync("", "assets/models/", "mymodel.glb.encrypt", "mypassword", scene);
It’s not too hard to implement but because my free time is very limited I will try to use less restrict licenses.
Yep we don’t have it out of the box because of these challenges