I've always wanted to make some of our company's products open source, but we have a lot of things in our source code that would make us vulnerable. How is this handled in most open source projects? For example, we use some custom web services to do actions to our database (add accounts, delete accounts, etc.). The source code would have to contain the key (password) we use to use the web service. If someone wanted, they could grab the source, get the key to use our web service, and wreak havoc on our database.
Are these just projects that should not be open source? Or is it common to just put the sensitive stuff in a file or something and not include that part? (Although doing this would make the source kinda useless for the public since it would lose its functionality.)
Any links or resources on open-source projects and how this kinda stuff should be handled would be nice.
Thanks
Due to the large number of individuals contributing to an open-source project and ultimately improving the software, proponents of open source systems assert fewer vulnerabilities and faster patching. In contrast, closed-source proponents argue that their codebases are more secure and less vulnerable to hacking.
Yes, it is possible to make an open source project into a closed source project. The copyright holder can change the license of a project at any time, or cease to distribute source code of new releases.
With closed source software (also known as proprietary software), the public is not given access to the source code, so they can't see or modify it in any way. But with open source software, the source code is publicly available to anyone who wants it, and programmers can read or change that code if they desire.
When a project is open source, that means anybody is free to use, study, modify, and distribute your project for any purpose. These permissions are enforced through an open source license.
Passwords and sensitive data are best not included in the source file. If you look at the design of open-source software like PHPMyAdmin, a config file is provided to add that information, and it is usually stored in the root folder of the web host (or anywhere outside the www folder).
So the idea is that if your website uses some info to link to a service, you should hide it away in a file as well and ask your users to provide the password and to create their own account.
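A sketch of the config-file approach described above, as an added example that is not part of the original answer: the key is read from a private file kept outside the published source tree, and the loader refuses a file inside the tree, a file readable by other users, or the unmodified template. The `service_key` field, the `CHANGE_ME` placeholder and the file names are assumptions made for illustration.

```python
import json
import os
import tempfile
from pathlib import Path

PLACEHOLDER = "CHANGE_ME"  # assumed value shipped in the public config template

class ConfigError(Exception):
    """Raised when the private config file is missing or unsafe to use."""

def load_service_key(config_path, source_root):
    """Return the web-service key from a private config file, or raise ConfigError."""
    path = Path(config_path).resolve()
    root = Path(source_root).resolve()
    # The secret file must live outside the published source tree / web root.
    if path == root or root in path.parents:
        raise ConfigError(f"{path} is inside the source tree {root}")
    if not path.is_file():
        raise ConfigError(f"{path} not found; copy the template and add your own key")
    # Refuse files that group or other local users can access (POSIX mode bits).
    if os.name == "posix" and path.stat().st_mode & 0o077:
        raise ConfigError(f"{path} is accessible to group/others; run chmod 600")
    key = json.loads(path.read_text()).get("service_key", "")
    if not key or key == PLACEHOLDER:
        raise ConfigError("service_key is still empty or the template placeholder")
    return key

def demo():
    """Run the loader over constructed config files in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "project"); root.mkdir()
        private = Path(tmp, "private"); private.mkdir()
        cases = {  # name: (file location, key value, permission bits)
            "in_tree": (root / "config.json", "s3cret-constructed", 0o600),
            "template": (private / "template.json", PLACEHOLDER, 0o600),
            "loose_perms": (private / "loose.json", "s3cret-constructed", 0o644),
            "good": (private / "config.json", "s3cret-constructed", 0o600),
        }
        for name, (path, key, mode) in cases.items():
            path.write_text(json.dumps({"service_key": key}))
            os.chmod(path, mode)
            try:
                results[name] = load_service_key(path, root)
            except ConfigError as exc:
                results[name] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    print(demo())
```

The public repository then ships only a template containing the placeholder, with the real config file name listed in the project's ignore file so it is never committed.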