Home/ Documentation/ Getting started/ Install and run Pinegrow/ Technical information and security

Technical information and security

Learn how to safely use Pinegrow on your computer and network.

Pinegrow Web Editor is a desktop application. As such it can work with projects stored on your computer and access information on your network.

For example:

  • You can open, edit and save HTML documents directly from your development environment without having to upload and download documents to an online service.
  • You can connect to Pinegrow Web Editor from your mobile device on the same network and preview the document directly on the mobile device.

These are great usability features, but as is the case with any software that is installed on our computer, we have to pay attention to use it safely, in a way that would prevent any malicious actors from taking advantage of potential security issues.

Software applications are nowadays very complex, with a lot of parts and libraries that are not under the control of the developer of the application. Hoping that there are no bugs or security holes in there is not a good security strategy.

That means we can’t rely on the application itself to keep itself safe.

The best guideline for safely using any desktop software is to assume that the application can be compromised.

Under this assumption, applications should be installed and run under user accounts that give them enough permissions to operate correctly and not more.

Actually, that’s the way how all modern operating systems work.

Applications are run under user accounts that are by default prevented from doing any changes to system files or settings.

In addition operating systems such as Windows and macOS come with built-in tools that actively monitor what applications are doing.

Another important advice is to never run cracked applications downloaded from the internet.

It might be nice to get useful software for free, but ask yourself: Why are people who crack and distribute hacked software going through all that trouble? Is it for their love of humanity or profit?

Once the application is cracked it is very easy to add malicious code that can cause all sorts of trouble: from mining coins to stealing your personal information.

Up to this point, we talked about safely using software in general.

Now, let’s take a look at how we at Pinegrow are making sure that users can work with Pinegrow safely.

Use original software, not cracked versions

First, when it comes to using pirated copy of Pinegrow, we understand that people might find themselves in circumstances where they are unable to afford Pinegrow. But opening themselves to risks of using a pirated version is not a good solution. Instead we encourage people to get in touch with us so that we find a solution.

Anti-virus and anti-malware checks

Every Pinegrow release is checked with Google’s VirusTotal.com for malicious code. VirusTotal scans the install packages with more than 50 virus detectors. You can check the results directly from our download page.

Code-signing

Original install packages for Windows and macOS are digitally signed with our verified code signing certificate. That ensures that the content of install packages were not modified during the download process or after.

Security of the internal web server

Pinegrow relies on a simple internal web server to display documents in page view and to preview them in browser.

The web server is designed to be simple and safe:

  • When a project is open, it serves only the files from the project folder.
  • If project is not open, it only serves web-related files such as HTML, CSS and JS documents and images.
  • When the web server is accessed from a remote device it will ask you if you want to allow the connection. Only connections from localhost are accepted by default.

Note that the port of the internal web server needs to be accessible to Pinegrow. Operating system usually asks about that when you run the application for the first time. If we need to further lock-down the access to the internal web server we can use system settings to block access to that port from other devices.

Using online Pinegrow Library

Pinegrow Blocks library is loaded from our web server when Pinegrow is run. It is not included in the installed files because serving it remotely lets us easily and quickly update and improve the library.

Library files are from our secure web server through HTTPS.

Collecting usage data

Pinegrow uses Google Analytics to collect anonymous information about when the application is run. This can be disabled in Pinegrow Settings (not in the trial mode).

Technical information

For those that are interested how Pinegrow is build under the hood:

Pinegrow is a web application built with HTML, CSS and JavaScript, packaged with NWJS into a desktop application.

NWJS is a combination of Chromium browser and Node.JS.

99% of Pinegrow code is a pure client-side web application that runs in the browser, the rest is Node.JS code for working with local files and running the internal web server.