How can I password protect my entire web site from other server administrators?

Hi,

I need a little advice regarding security. I have developed a web site that is going to be run on a shared server. The web site was created in DreamweaverMX using VB.Net. All I want to do is protect my source code from the prying eyes of other server administrators. Is there a cheap program or a free way of doing this?
pgilfeatherAsked:
Who is Participating?
 
SvenForkbeardCommented:
Hello pgilfeather,

Wow, that's an interesting question!  From what you've said, I can only see a few possibilities:

1. You can't necessarily hide your HTML source codes, but you CAN run compiled executables on a website.  All you would do then is have only execs in your /cgi-bin/ folder (for example) and HTML with references and properly formatted command lines. I think that Visual Basic can make execs from source fairly easily, but you may want to read up on it a little more. Obviously, compiled code is pretty close to "encrypted" for the most part, since decompiling it is difficult to impossible.  Be warned, however: there are lots of tools to analyze compiled code. See for example PE Explorer:

http://www.heaventools.com/

2.  If you're not into C++ programming for the Web, jphili's suggestion sounds pretty good.  Just don't bother trying it with JavaScript.  A fine example of how JS obfuscation is defeated can be found in DJ Java Decompiler here:

http://dj.navexpress.com/

Sometimes it's just no fun having other admins around.  My best advice is to host your site on a system whose admins you DO trust, or host it yourself and pay for this ultimate security.  Whatever you choose, best of luck to you.

Sven
0
 
salvagbfCommented:
I don't think that there's any way to do this.  If someone has administrative rights to the file system itself, even if you have permissions to remove them from the Security tab under the folder's properties, they can still reset the permissions if they really want to.  It would negate the concept of a computer Administrator if they could be locked out of a part of the computer.  

I mean, of course you can use a third party utility to encrypt the files but then they wouldn't be accessible via the web server either.  
0
 
jphiliCommented:
I don't think you can protect your code from an administrator.
He will have to set up everything and even if your code is encrypted, he will have to set up the decryption for that code to be able to run.

What is possible, is to make the code a lot less usable.
Obfuscation changes the source code by change the readable varaiable and function names into something a lot more cryptic.  Leading to code that has the same function, but is a lot harder to read and therefor also to re-use.

You can find a tool overview at:
http://www.csharpfriends.com/statics/tools.aspx

Remotesoft claims to have not only an obfuscator, but also a protector:
http://www.remotesoft.com/
No personal verification or garantees from my part though as to the protector added value.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.