?
Solved

How can I password protect my entire web site from other server administrators?

Posted on 2004-10-19
3
Medium Priority
?
188 Views
Last Modified: 2012-05-05
Hi,

I need a little advice regarding security. I have developed a web site that is going to be run on a shared server. The web site was created in DreamweaverMX using VB.Net. All I want to do is protect my source code from the prying eyes of other server administrators. Is there a cheap program or a free way of doing this?
0
Comment
Question by:pgilfeather
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 6

Expert Comment

by:salvagbf
ID: 12349619
I don't think that there's any way to do this.  If someone has administrative rights to the file system itself, even if you have permissions to remove them from the Security tab under the folder's properties, they can still reset the permissions if they really want to.  It would negate the concept of a computer Administrator if they could be locked out of a part of the computer.  

I mean, of course you can use a third party utility to encrypt the files but then they wouldn't be accessible via the web server either.  
0
 

Expert Comment

by:jphili
ID: 12355953
I don't think you can protect your code from an administrator.
He will have to set up everything and even if your code is encrypted, he will have to set up the decryption for that code to be able to run.

What is possible, is to make the code a lot less usable.
Obfuscation changes the source code by change the readable varaiable and function names into something a lot more cryptic.  Leading to code that has the same function, but is a lot harder to read and therefor also to re-use.

You can find a tool overview at:
http://www.csharpfriends.com/statics/tools.aspx

Remotesoft claims to have not only an obfuscator, but also a protector:
http://www.remotesoft.com/
No personal verification or garantees from my part though as to the protector added value.
0
 
LVL 1

Accepted Solution

by:
SvenForkbeard earned 2000 total points
ID: 12363874
Hello pgilfeather,

Wow, that's an interesting question!  From what you've said, I can only see a few possibilities:

1. You can't necessarily hide your HTML source codes, but you CAN run compiled executables on a website.  All you would do then is have only execs in your /cgi-bin/ folder (for example) and HTML with references and properly formatted command lines. I think that Visual Basic can make execs from source fairly easily, but you may want to read up on it a little more. Obviously, compiled code is pretty close to "encrypted" for the most part, since decompiling it is difficult to impossible.  Be warned, however: there are lots of tools to analyze compiled code. See for example PE Explorer:

http://www.heaventools.com/

2.  If you're not into C++ programming for the Web, jphili's suggestion sounds pretty good.  Just don't bother trying it with JavaScript.  A fine example of how JS obfuscation is defeated can be found in DJ Java Decompiler here:

http://dj.navexpress.com/

Sometimes it's just no fun having other admins around.  My best advice is to host your site on a system whose admins you DO trust, or host it yourself and pay for this ultimate security.  Whatever you choose, best of luck to you.

Sven
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question