Solved

How can I password protect my entire web site from other server administrators?

Posted on 2004-10-19
3
181 Views
Last Modified: 2012-05-05
Hi,

I need a little advice regarding security. I have developed a web site that is going to be run on a shared server. The web site was created in DreamweaverMX using VB.Net. All I want to do is protect my source code from the prying eyes of other server administrators. Is there a cheap program or a free way of doing this?
0
Comment
Question by:pgilfeather
3 Comments
 
LVL 6

Expert Comment

by:salvagbf
Comment Utility
I don't think that there's any way to do this.  If someone has administrative rights to the file system itself, even if you have permissions to remove them from the Security tab under the folder's properties, they can still reset the permissions if they really want to.  It would negate the concept of a computer Administrator if they could be locked out of a part of the computer.  

I mean, of course you can use a third party utility to encrypt the files but then they wouldn't be accessible via the web server either.  
0
 

Expert Comment

by:jphili
Comment Utility
I don't think you can protect your code from an administrator.
He will have to set up everything and even if your code is encrypted, he will have to set up the decryption for that code to be able to run.

What is possible, is to make the code a lot less usable.
Obfuscation changes the source code by change the readable varaiable and function names into something a lot more cryptic.  Leading to code that has the same function, but is a lot harder to read and therefor also to re-use.

You can find a tool overview at:
http://www.csharpfriends.com/statics/tools.aspx

Remotesoft claims to have not only an obfuscator, but also a protector:
http://www.remotesoft.com/
No personal verification or garantees from my part though as to the protector added value.
0
 
LVL 1

Accepted Solution

by:
SvenForkbeard earned 500 total points
Comment Utility
Hello pgilfeather,

Wow, that's an interesting question!  From what you've said, I can only see a few possibilities:

1. You can't necessarily hide your HTML source codes, but you CAN run compiled executables on a website.  All you would do then is have only execs in your /cgi-bin/ folder (for example) and HTML with references and properly formatted command lines. I think that Visual Basic can make execs from source fairly easily, but you may want to read up on it a little more. Obviously, compiled code is pretty close to "encrypted" for the most part, since decompiling it is difficult to impossible.  Be warned, however: there are lots of tools to analyze compiled code. See for example PE Explorer:

http://www.heaventools.com/

2.  If you're not into C++ programming for the Web, jphili's suggestion sounds pretty good.  Just don't bother trying it with JavaScript.  A fine example of how JS obfuscation is defeated can be found in DJ Java Decompiler here:

http://dj.navexpress.com/

Sometimes it's just no fun having other admins around.  My best advice is to host your site on a system whose admins you DO trust, or host it yourself and pay for this ultimate security.  Whatever you choose, best of luck to you.

Sven
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now