Reputation: 2033
Avoid stealing code in deployed c# asp website
I am building a website in asp/c# which I need to deploy to multiple servers which are managed by external people.
I need to avoid the people who have access to the server accessing and reusing our code.
One option that I have heard so far is that I can check the MAC-address inside the code, however, the MAC-address can be changed by the users.
What are the most secure options available to avoid this kind of situation?
Upvotes: 5
Views: 468
Answers (6)
Reputation: 23300
The only 100% reliable method is not allowing others access to the actual deployed files.
Since code must work in the first place, a sufficiently motivated cracker will obtain the underlying source no matter what you do.
You can audit your deploy folders so you have an access log: you won't prevent any interaction, but you'll at least know who got what... Better than nothing.
Upvotes: 2
Reputation: 6566
If you need to do this, it suggests you're doing something wrong at the corporate level. The best proceedure is usually not to try to prevent piracy, but to embrace it. Make the code easily available to anyone, seed it on torrent sites yourself if need be, but only let it run in a very restricted way - say, only one connection at a time, so registering and buying a license show clear advantages.
If you also make your license clear and affordable, and there will be no motivation to pirate your software, and prevention is always better than a cure.
Upvotes: 0
Reputation: 20366
A web app normally cannot be completely "closed" source.
Besides the compiled DLLs (can be obfuscated) in bin, there must be a little "open source" in the view pages (.aspx, .ascx, .master, .cshtml)
If you want 100% closed, you may consider to use a non-standard way to serve the views so that you can pack everything in a DLL and write your http handler code to handle different URLs.
Upvotes: 0
Reputation: 7025
You have several options, but as commented by many... maybe they are not worth.
- Legal: Have the external people that work in your server to sign a confidentiality agreement.
- Trusted External People: Hire people that you trust. Friends, old coworkers, etc.
- Dummy server: Depending on what you want to be done by external people, you might create a dummy version of your app. For example if you want the external people to install and configure your IIS & WCF services then deploy only dummy version of your WCF services that do nothing. Later, after job is done by external people, you can replace your dummy code with real code.
- Obfuscate Code: You can obfuscate your code with some tool to make it harder. (Harder does not mean impossible)
- Take away your code: As Mahmoud Fayez suggests, maybe is feasible to take your code to some external webservices and have your UI totally without any logic. It depends however in what the external people will do for you and the exact details of your app.
The only reliable one is:
- Deploy to your own server: If your code is so sensitive that you want to warrant that no one copy it, then do the things yourself. No admin task is hard enough for a programmer with enough time and motivation.
Upvotes: 3
Reputation: 10012
You can 'publish' the website rather than put the whole source code up on the server, that turns it into a compiled website.
You can find a guide here
Upvotes: 0
Reputation: 100547
Option that gives you the most cotrol: don't deploy one external servers managed by external people.
Everything else will have less options to protect your code and you just need to decide at wich point price is ok to pay.
Upvotes: 1
Related Questions
- How to protect asp.net or c# source file can be view or edit by client using compiler tools?
- How to protect a Web Application
- Protect source code of an ASP.NET website
- code being inserted
- Hiding code in ASP.NET application
- asp.net secure my application so no one can transfer it and reuse it
- How can we protect our MVC2 code?
- How can I protect my ASP.Net Source Code From My Developers