Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Avoid stealing code in deployed c# asp website

Tags:

c#

security

asp.net

I am building a website in asp/c# which I need to deploy to multiple servers which are managed by external people.

I need to avoid the people who have access to the server accessing and reusing our code.

One option that I have heard so far is that I can check the MAC-address inside the code, however, the MAC-address can be changed by the users.

What are the most secure options available to avoid this kind of situation?

like image 938
James Avatar asked Feb 28 '13 07:02

James

3 Answers

The only 100% reliable method is not allowing others access to the actual deployed files.

Since code must work in the first place, a sufficiently motivated cracker will obtain the underlying source no matter what you do.

You can audit your deploy folders so you have an access log: you won't prevent any interaction, but you'll at least know who got what... Better than nothing.

like image 43
Alex Avatar answered Nov 03 '22 00:11

Alex

You have several options, but as commented by many... maybe they are not worth.

  • Legal: Have the external people that work in your server to sign a confidentiality agreement.
  • Trusted External People: Hire people that you trust. Friends, old coworkers, etc.
  • Dummy server: Depending on what you want to be done by external people, you might create a dummy version of your app. For example if you want the external people to install and configure your IIS & WCF services then deploy only dummy version of your WCF services that do nothing. Later, after job is done by external people, you can replace your dummy code with real code.
  • Obfuscate Code: You can obfuscate your code with some tool to make it harder. (Harder does not mean impossible)
  • Take away your code: As Mahmoud Fayez suggests, maybe is feasible to take your code to some external webservices and have your UI totally without any logic. It depends however in what the external people will do for you and the exact details of your app.

The only reliable one is:

  • Deploy to your own server: If your code is so sensitive that you want to warrant that no one copy it, then do the things yourself. No admin task is hard enough for a programmer with enough time and motivation.
like image 177
Oscar Foley Avatar answered Nov 02 '22 23:11

Oscar Foley

Option that gives you the most cotrol: don't deploy one external servers managed by external people.

Everything else will have less options to protect your code and you just need to decide at wich point price is ok to pay.

like image 32
Alexei Levenkov Avatar answered Nov 02 '22 23:11

Alexei Levenkov
Sign in to Comment

Related questions

Binding WinForms control to ObjectA.ObjectB.Property
run sql scripts with fluentmigrator
Unity Container, Resolve Individual Objects
C# async file transfer - waiting before continuing loop
Moq verify that the same method is called with different arguments in specified order
Three tier app in C# - where to put data and business models
Adding a list of strings to OracleCommand.Parameters in C# [duplicate]
Float Value Is Lost in Int [duplicate]
How to get a Grid column width in pixels in WPF?
Call generics with base class gives cannot convert from base class to T
Good coding practice when saving data to files in .net
Is there any way to override a MVC Controller Action?
Why performance of C++ fseek/fread is times greater than C# FileStream's Seek/Read
TreeView in windows 8 store app in XAML
Why comparing two equal persian word does not return 0?
LINQ Select From DataTable
Changing text of a combobox in a different tab
Verifying a call parameter via a callback in NSubstitute
populate ObservableCollection<string> using string array
410 Status Displays "The page you requested was removed"

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!