Results 1 to 4 of 4
  1. #1

    Any tips to prevent code theft?

    Hi,

    Regarding shared hosts, what all can I do to prevent source code theft? I discovered on my web host that the minimum file permissions that still allows my website to work is 0110 for public_html folder, and 0101 for cgi-bin. That allows the website to work, even WordPress, but in cPanel I can't even view the list of files in the public_html folder or cgi-bin, which is fine with me. If I write a perl script that tries to view a directory (e.g., print `ls -AFl` then it gives the same results as cPanel, which is an empty folder because it's hidden. I don't about PHP or Python. Maybe a PHP script could view the files, but I doubt it. Does this seem secure?

    I'll be using Python, and maybe some PHP. Are there any shared web hosts that might excel at protecting users code? I'm with Green Geeks. So far I don't see any security holes, but I'm not a security expert.

    I'd appreciate any tips,
    Paul

  2. #2
    File a support ticket and ask them to restrict permissions on your directory, at minimum.

  3. #3
    Join Date
    Jan 2011
    Location
    Canada
    Posts
    934
    Your shared host generally runs something like suPHP or suexec. This lets the server run as users while serving pages. It protects you in case someone else has an insecure script, since at most they can only get the compromised person's permissions.

    However, what this means is that if you can read/edit/modify those files from the shell, then you're not really protected if you happen to be that person. If you really want to at least secure your code from simple prying eyes, consider using an encoder.

    There was a discussion recently about several options on WHT.

    http://www.webhostingtalk.com/showthread.php?t=1025205

  4. #4
    I think you're right. After doing some more tests I was able to view the source code. It turns out that removing folder permissions does not prevent file reads. It only hides the directory contents. So they need to find the file location to read it, which they can obtain from the website index script.

    Encoding seems good, but it only seems like an annoyance for a good hacker. After all, the python engine knows how to decrypt it.

    Man, there must be a way to only allow python to read the files on a shared host, no?

    Paul

Similar Threads

  1. 10 tips to prevent domain scam/fraud
    By 123finder.com in forum Domain Name Tutorials
    Replies: 40
    Last Post: 11-27-2012, 12:33 AM
  2. Code to prevent desktop hotlinking
    By Clayc in forum Computers and Peripherals
    Replies: 3
    Last Post: 02-12-2010, 01:36 PM
  3. Simple Tips To Prevent And Deal With Content And Design Theft
    By OVNet in forum Web Design and Content
    Replies: 12
    Last Post: 12-23-2009, 03:15 AM
  4. How do Client and Host prevent theft?
    By Spaulding in forum Web Hosting
    Replies: 6
    Last Post: 05-18-2006, 06:56 PM
  5. Any way to prevent code ripping?
    By TeKiZeRo in forum Programming Discussion
    Replies: 19
    Last Post: 03-21-2003, 12:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •