Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

safe place to save code

Tags:

javascript

php

Where is the most secure place to store sensitive code on a server (ex, authorization php, contact scripts, sensitive or protected javascript)?

You guys/girls got any tips or tricks on how to protect that kind of stuff?

like image 430
justin Avatar asked Nov 08 '09 03:11

justin


People also ask

Where should I save my codes?

dropbox (storage only) bitbucket (storage, edit) github (storage, edit)

How do you save a code?

Save the file on your computer. Select File > Save as in the Notepad menu. Name the file "index.htm" and set the encoding to UTF-8 (which is the preferred encoding for HTML files). Tip: You can use either .htm or .html as file extension.

Where do you save code snippets?

There are various ways you can store a code snippet, either by keeping it in a GitHub repository or can use a smart code snippet manager, like Codiga's Coding Assistant. Coding Assistant allows you to store and reuse code snippets.

How do I save codes on my computer?

All programs support the keyboard shortcut to save a document. To save a file using a shortcut, press either Ctrl + S on a PC or Command + S on an Apple computer. If supported, the program either saves the file as its existing name or opens a save window for a new file.


Video Answer


3 Answers

You can use .htaccess to cut off remote access to PHP scripts (of course, you'll still be able to access them locally with server-side include). I presume your contact scripts are also PHP scripts. They can be handled this way too. Either way, if PHP works on your server, even if a user knew the location of a PHP file, they wouldn't be able to see the source code anyway. This only prevents certain unauthorized execution.

Regarding sensitive or protected Javascript, you can use a JS compressor like this to obfuscate the code, but since JS is executed client-side, the user will be able to see whatever source code you give him.

like image 153
Steven Avatar answered Oct 19 '22 09:10

Steven


Some observations

The problem you have is that in order to use any of this code, it needs to be readable by whatever process is using it (typically the webserver). That fact alone really makes it impractical to get extra security, unless you can resort some type of queued offline processing.

Rule #1 - keep it out of the DocumentRoot (unless it should be there)

Rule #2 - run your own server (or VPS), and keep other people off of it

Rule #3 - lock the box down tight - port 22 (from specific IPs) and 80/443 from global

PS. JavaScript is executed in the web browser - there is not much you can do to secure it (other than obscure it), nor should you have to (eg. NOT trusting external data is rule #0).

like image 25
gahooa Avatar answered Oct 19 '22 11:10

gahooa


Another tactic is to store such PHP scripts above the public web folder. Your scripts can still access them. I often use this for data that I want to make available to logged in users for download. I have to make a script specifically to retrieve and send them the data, when it's needed, but nobody can access that data unless they are logged in and the script sends it to them.

With your scripts, it's even simpler - you don't make a means to access them. Your own scripts can include them, of course, and using .htaccess to control access is another worthwhile step.

like image 2
Frank DeRosa Avatar answered Oct 19 '22 10:10

Frank DeRosa