Solved

How can I password protect my entire web site from other server administrators?

Posted on 2004-10-19
3
187 Views
Last Modified: 2012-05-05
Hi,

I need a little advice regarding security. I have developed a web site that is going to be run on a shared server. The web site was created in DreamweaverMX using VB.Net. All I want to do is protect my source code from the prying eyes of other server administrators. Is there a cheap program or a free way of doing this?
0
Comment
Question by:pgilfeather
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 6

Expert Comment

by:salvagbf
ID: 12349619
I don't think that there's any way to do this.  If someone has administrative rights to the file system itself, even if you have permissions to remove them from the Security tab under the folder's properties, they can still reset the permissions if they really want to.  It would negate the concept of a computer Administrator if they could be locked out of a part of the computer.  

I mean, of course you can use a third party utility to encrypt the files but then they wouldn't be accessible via the web server either.  
0
 

Expert Comment

by:jphili
ID: 12355953
I don't think you can protect your code from an administrator.
He will have to set up everything and even if your code is encrypted, he will have to set up the decryption for that code to be able to run.

What is possible, is to make the code a lot less usable.
Obfuscation changes the source code by change the readable varaiable and function names into something a lot more cryptic.  Leading to code that has the same function, but is a lot harder to read and therefor also to re-use.

You can find a tool overview at:
http://www.csharpfriends.com/statics/tools.aspx

Remotesoft claims to have not only an obfuscator, but also a protector:
http://www.remotesoft.com/
No personal verification or garantees from my part though as to the protector added value.
0
 
LVL 1

Accepted Solution

by:
SvenForkbeard earned 500 total points
ID: 12363874
Hello pgilfeather,

Wow, that's an interesting question!  From what you've said, I can only see a few possibilities:

1. You can't necessarily hide your HTML source codes, but you CAN run compiled executables on a website.  All you would do then is have only execs in your /cgi-bin/ folder (for example) and HTML with references and properly formatted command lines. I think that Visual Basic can make execs from source fairly easily, but you may want to read up on it a little more. Obviously, compiled code is pretty close to "encrypted" for the most part, since decompiling it is difficult to impossible.  Be warned, however: there are lots of tools to analyze compiled code. See for example PE Explorer:

http://www.heaventools.com/

2.  If you're not into C++ programming for the Web, jphili's suggestion sounds pretty good.  Just don't bother trying it with JavaScript.  A fine example of how JS obfuscation is defeated can be found in DJ Java Decompiler here:

http://dj.navexpress.com/

Sometimes it's just no fun having other admins around.  My best advice is to host your site on a system whose admins you DO trust, or host it yourself and pay for this ultimate security.  Whatever you choose, best of luck to you.

Sven
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question