Solved

How can I password protect my entire web site from other server administrators?

Posted on 2004-10-19
3
184 Views
Last Modified: 2012-05-05
Hi,

I need a little advice regarding security. I have developed a web site that is going to be run on a shared server. The web site was created in DreamweaverMX using VB.Net. All I want to do is protect my source code from the prying eyes of other server administrators. Is there a cheap program or a free way of doing this?
0
Comment
Question by:pgilfeather
3 Comments
 
LVL 6

Expert Comment

by:salvagbf
ID: 12349619
I don't think that there's any way to do this.  If someone has administrative rights to the file system itself, even if you have permissions to remove them from the Security tab under the folder's properties, they can still reset the permissions if they really want to.  It would negate the concept of a computer Administrator if they could be locked out of a part of the computer.  

I mean, of course you can use a third party utility to encrypt the files but then they wouldn't be accessible via the web server either.  
0
 

Expert Comment

by:jphili
ID: 12355953
I don't think you can protect your code from an administrator.
He will have to set up everything and even if your code is encrypted, he will have to set up the decryption for that code to be able to run.

What is possible, is to make the code a lot less usable.
Obfuscation changes the source code by change the readable varaiable and function names into something a lot more cryptic.  Leading to code that has the same function, but is a lot harder to read and therefor also to re-use.

You can find a tool overview at:
http://www.csharpfriends.com/statics/tools.aspx

Remotesoft claims to have not only an obfuscator, but also a protector:
http://www.remotesoft.com/
No personal verification or garantees from my part though as to the protector added value.
0
 
LVL 1

Accepted Solution

by:
SvenForkbeard earned 500 total points
ID: 12363874
Hello pgilfeather,

Wow, that's an interesting question!  From what you've said, I can only see a few possibilities:

1. You can't necessarily hide your HTML source codes, but you CAN run compiled executables on a website.  All you would do then is have only execs in your /cgi-bin/ folder (for example) and HTML with references and properly formatted command lines. I think that Visual Basic can make execs from source fairly easily, but you may want to read up on it a little more. Obviously, compiled code is pretty close to "encrypted" for the most part, since decompiling it is difficult to impossible.  Be warned, however: there are lots of tools to analyze compiled code. See for example PE Explorer:

http://www.heaventools.com/

2.  If you're not into C++ programming for the Web, jphili's suggestion sounds pretty good.  Just don't bother trying it with JavaScript.  A fine example of how JS obfuscation is defeated can be found in DJ Java Decompiler here:

http://dj.navexpress.com/

Sometimes it's just no fun having other admins around.  My best advice is to host your site on a system whose admins you DO trust, or host it yourself and pay for this ultimate security.  Whatever you choose, best of luck to you.

Sven
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question