Because I am a bit paranoid, I sometimes think about protecting my RoR source code. I came up with this idea:
* Encrypt all files (models, controllers, helpers, views, CSS, ...) with a secret key.
* Upload the encrypted files to your server.
* Put the key in a file and upload the file to config/.
* When the Rails app starts, load the key into memory and delete(!) the key file.
* Decrypt the files of your app (in memory) when they are loaded.

An attacker who gets access to the filesystem can't just copy the source, since it is encrypted. One problem might be this: the attacker gets write access to the filesystem and creates a .rb file somewhere in a loaded gem or in the Rails app. Then he might be able to read out the key and decrypt the source files.

The best way I know to protect the source is to use JRuby and compile the Rails app to a jar.
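The scheme from the list above, sketched in Ruby as an added example (not the author's code); the `SealedSource` module, the file names and the choice of AES-256-GCM are assumptions. GCM makes the loader reject modified blobs, but the key remains an ordinary object in process memory, so it does nothing against code loaded into the same process, which is the problem noted above.

```ruby
require "openssl"
require "tmpdir"
# Hypothetical helper (names are assumptions): AES-256-GCM over source files.
module SealedSource
  # Blob layout: 12-byte nonce || 16-byte tag || ciphertext; name is authenticated.
  def self.seal(plain, key, name)
    c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    c.key = key
    iv = c.random_iv
    c.auth_data = name
    ct = c.update(plain) + c.final
    iv + c.auth_tag + ct
  end

  def self.unseal(blob, key, name)
    d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    d.key = key
    d.iv = blob.byteslice(0, 12)
    d.auth_tag = blob.byteslice(12, 16)
    d.auth_data = name
    d.update(blob.byteslice(28, blob.bytesize)) + d.final # raises if modified
  end

  # "Load the key into memory and delete the key file."
  def self.load_key!(key_file)
    File.binread(key_file).tap { File.delete(key_file) }
  end
  # Decrypt in memory and evaluate; the plaintext is never written to disk.
  def self.load_sealed(file, key)
    TOPLEVEL_BINDING.eval(unseal(File.binread(file), key, File.basename(file)), file)
  end
end

# Constructed demo: seal one class, boot from it, then flip a ciphertext bit.
def sealed_source_demo
  Dir.mktmpdir do |dir|
    key_file, sealed = File.join(dir, "source.key"), File.join(dir, "greeter.rb.enc")
    File.binwrite(key_file, OpenSSL::Random.random_bytes(32))
    src = "class Greeter; def hi; 'hello'; end; end" # constructed sample source
    File.binwrite(sealed, SealedSource.seal(src, File.binread(key_file), "greeter.rb.enc"))
    key = SealedSource.load_key!(key_file) # key now exists only in this process
    SealedSource.load_sealed(sealed, key)
    blob = File.binread(sealed)
    blob.setbyte(-1, blob.getbyte(-1) ^ 1)
    rejected = begin SealedSource.unseal(blob, key, "greeter.rb.enc"); false
               rescue OpenSSL::Cipher::CipherError; true; end
    { key_file_gone: !File.exist?(key_file), greeting: Greeter.new.hi, tamper_rejected: rejected }
  end
end
```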