Hello All,
I wanted to know your views on how rails application code can be secured
while deployment.
I know there are some commercial encryption tools which can do it for
you.
Anyone have any idea on this ??
Ruby on Rails Developer
Sandip R. wrote:
Hello All,
I wanted to know your views on how rails application code can be secured
while deployment.
Just make sure no one can gain unauthorized access to the server. (That
includes setting things up with proper permissions, decent
passwords…you get the idea.)
I know there are some commercial encryption tools which can do it for
you.
There’s no need. This is not client-side code. Your Rails application
lives on the server, so no end-user will ever see the source code.
Anyone have any idea on this ??
Yes: understand a little better how things work and what lives where.
Then it will be easier to create an appropriate security model.
Thanks,
Sandip R~Ruby on Rails Developer
http://sandip.sosblog.com
http://funonrails.wordpress.com
www.joshsoftware.com
Marnen Laibow-Koser
http://www.marnen.org
[email protected]
Marven, Thanks for your reply !
I think, you missunderstood what i am saying.
Let me explain little deep.
Suppose, I have rails application as a product,
I wanted to deploy it for many clients.
They have their own servers.
What make me sure that code is not exposed.
What are your views ???
Thanks,
Sandip R~
–
Ruby on Rails Developer
What you’re attempting here is equivalent to a DRM system; or in
simpler terms, giving someone a lock and the key and expecting that
the lock will provide protection.
The code’s got to be run somehow, and if the clients control the
server, they can get at it. Encrypted source files can be captured
from memory, Java bytecodes can be decompiled, etc.
You don’t need a technical solution, you need a good contract lawyer.
–Matt J.
Sandip R. wrote:
Marven,
If you’re going to use my name, please spel it correctly. 
Thanks for your reply !
I think, you missunderstood what i am saying.
Let me explain little deep.
Suppose, I have rails application as a product,
I wanted to deploy it for many clients.
They have their own servers.What make me sure that code is not exposed.
You mean you want to hide the code from your clients? Do you really
think they’re going to be able to do anything with it anyway? This
seems slightly pointless to me.
However, if you really need to, probably the best way would be to use
JRuby and compile the whole thing as a Java application.
But as I said, I’d advise you to drop the whole idea of hiding the code.
What are your views ???
Thanks,
Sandip R~
Marnen Laibow-Koser
http://www.marnen.org
[email protected]
On Tue, Jun 23, 2009 at 2:02 AM, Sandip R.[email protected]
wrote:
Marven, Thanks for your reply !
I think, you missunderstood what i am saying.
Let me explain little deep.
Suppose, I have rails application as a product,
I wanted to deploy it for many clients.
They have their own servers.
What make me sure that code is not exposed.
What are your views ???
This question comes up regularly. Like once a month. Seriously,
check the list archives.
People have gone to great lengths to protect their ruby code only to
have someone figure out how to break the encryption/obsfucation with
about 3 lines of code. I’m not kidding:
http://seanmountcastle.com/2007/12/15/protecting-your-ruby-source-code-for-end-user-applications/
Read the post and his rather cool trick and then how someone “broke”
the encryption in about 3 lines of ruby.
Point is, you can keep the honest people honest (at which point, why
bother?), but the dishonest are going to get your code if you use an
interpreted language like Ruby. If you want to make it hard, use C++.
–
Aaron T.
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix &
Windows
Those who would give up essential Liberty, to purchase a little
temporary
Safety, deserve neither Liberty nor Safety.
– Benjamin Franklin
Sandip,
I never used it myself but http://www.rubyencoder.com/ seems to be what
you’re looking for. It’s not free but is not that expensive and they
have a free trial.
Would you mind giving some feedback on the forum if you try it?
Paolo
Sandip R. wrote:
Marven, Thanks for your reply !
I think, you missunderstood what i am saying.
Let me explain little deep.
Suppose, I have rails application as a product,
I wanted to deploy it for many clients.
They have their own servers.What make me sure that code is not exposed.
What are your views ???
Thanks,
Sandip R~
–
Ruby on Rails Developer
http://sandip.sosblog.com
http://funonrails.wordpress.com
www.joshsoftware.com
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs