Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Ruby on Rails source code security / obfuscation [duplicate]

I'm just getting started with Ruby on Rails development and I have a question concerning source code "privacy".

From what I know so far (i have not done a deployment yet, only used RoR in a local development environment), that when a RoR application is deployed, all the source code is "visible" on the server?

How can I protect my code; so to speak? By protection I mean, the main purpose being that someone (such as a server administrator on a RoR provider) not being able to "sabotage" the code by easily figuring out what place in the code to "fiddle with".

How do sites like Shopify, Yellowpages etc. that use RoR, ensure that their code isn't "sabotaged"?

UPDATE What I'm really looking for is, suppose if I have some code that's doing Credit Card transactions, I don't want some rogue employee reading "plain text source code" and sabotaging my website, say by reading my source code and then charging everyone of the signed-up users $10 as a gag. How do I prevent that sort of thing?

like image 798
Zabba Avatar asked Sep 11 '10 07:09

Zabba


2 Answers

Similar to Matt Briggs's point is that if you don't trust your web host, you're addressing the wrong problem.If your web host wants to steal your data, cripple your website, redirect your users, etc., nothing can stop them. Even if the code is fully compiled binary code written in assembler, your admin could still find a hack, replace resources, or replace your code altogether. Moral of the story, find a web host you trust, don't bother obfuscating your code

like image 59
userx Avatar answered Oct 06 '22 20:10

userx


At the end of the day, there is trust involved. If your admin wants to screw you, he will, and obfuscation won't do much to stop him.

like image 21
Matt Briggs Avatar answered Oct 06 '22 21:10

Matt Briggs