Are you concerned at all with your web host having access to all of your files and being able to essentially download your entire web app? What steps can you take to protect yourself? More specifically, I am interested in knowing how to protect the custom developments I've made to a WordPress powered site?
Should I / how do I protect source code from web host? [closed]
Asked Answered
Leave them, when you don't trust them. The only way, to really make sure, that nobody else can access your files/data is, that you don't give your files/data to someone else. –
Belak
Are you concerned at all with your web host having access to all of your files and being able to essentially download your entire web app?
No.
What steps can you take to protect yourself?
None.
If you can't trust your web host, you're doomed and need to change providers immediately. It's impossible to protect a web site from the administrator(s) who maintain the server it runs on.
It's like if you are a business hiring a bookkeeper or sysadmin - they can't do their job if they don't have access to the company's financial records, or computer systems, respectively. You have to be able to trust that those people don't steal your company secrets.
I am interested in knowing how to protect the custom developments I've made to a WordPress powered site?
Not to put down the value of your work and all, but chances are nobody cares about them. There's a lot more to a custom development than having the code - you also need somebody who understands it and can work with it. I don't think code theft from commercial hosting platforms is much of an issue.
More a philosopher's answer than an intelligent one. If you can't trust humanity why should you lock your house's door –
Partlow
@Viktor that's not the right analogy. You lock your door because strangers could harm you. That's common sense. In this scenario, that's the passwords and firewalls that protect the web site. But there are situations in life where you have to trust the people you work with to some degree because you can't meaningfully lock the door or hide stuff from them or control their every action. The sysadmin of the server you host stuff on is definitely one of those relationships. –
Cellule
You can encrypt your applications using various encryption engines such as Zend for PHP. Or you could always obfuscate your code before uploading it onto your web host.
Webhost need to support the decrypter for the encryption engine and obfuscation is never any kind of security (or whatever). Its just a waste of time. –
Belak
@Belak mmmm, not entirely. Encryption/obfuscation would at least make sure there is no usable code on the host machine. This isn't half bad a suggestion for PHP and JS at least –
Cellule
When its not usable, why should I put it on the machine? ;) Hehe, I know what you mean. #encryption: I don't know any webhost, that supports it. It would work, if its supported, but it in most cases it isn't. #Obfuscation: Maybe, but with modern IDE-support its not really a handicap. –
Belak
The only and right answer. –
Partlow
If you don't trust your webhost, don't use them.
It is impossible to secure code against an enemy who owns the hardware and has administrative permissions on the server.
How huge companies like FB a Microsoft do with thousands of employees snooping around? Com'on don't be naive –
Partlow
@ViktorJoras: Huge companies have access controls that prevent employees from accessing user data without business justification (this can be required by law for things like HIPAA). –
Cartwheel
Not true. FB uses a custom PHP variant which is compiled prior to being executed. Not to mention the C++ written modules. Twitter uses Scala which is again precompiled. MS developers have access only to their development scope, all the rest is just binary. No source code on shared employee storage. The OP question is crystal clear and he deserves a crystal clear answer too. –
Partlow
@ViktorJoras: The OP is asking about customer code on a host, not internal code. –
Cartwheel
No, the OP is asking how to protect exposed PHP code. –
Partlow
There is nothing you can do to stop your web host from being able to see your files. It's their server after all, and they have root access to it.
Generally, nobody cares about your shared-hosting site enough to go poking around in the code. Sorry, but it's true. If you get large enough that it matters, you'll be running your own servers which only you have access to.
The best defense against hosts that might do something sketchy is to look for reviews of the hosting, and solicit recommendations from friends and other trusted colleages.
© 2022 - 2024 — McMap. All rights reserved.