M
M
Mock2012-11-01 21:03:22
Programming
Mock, 2012-11-01 21:03:22

How to restrict access to source codes when developing a site?

There is a financial project, 80% ready. Some functionality needs to be improved. I don't want to give you access to the source.

What's up at the moment. Work through some Tim viewer on a server machine, where the project is deployed on a local computer.

But what about the transfer to the main working domain? Indeed, in the process of working on a local server through a Tim viewer, it may well be that some kind of shell will be flooded or a vulnerability will be made “for oneself”, in order to drop in on a visit and steal everything that is possible.

All sorts of papers about responsibility, contracts and so on - This is all bullshit and does not give any guarantees.

Answer the question

In order to leave comments, you need to log in

6 answer(s)
E
edogs, 2012-11-01
@edogs

That is why it is necessary to make modular projects, so that when finalizing “some functionality”, it would not be necessary to give global access to the entire project. Well, the work done for any shells should be checked by a trusted developer, who should still be present.

G
gaelpa, 2012-11-01
@gaelpa

Accept work on "diff". Everything that will be added by the performers will be noticeable, and then the question of the competence of those who will view this stuff on the bookmarks.

I
Igor, 2012-11-02
@shanker

Best of all, of course, modularity, as already advised.
You can also consider the option of obfuscating the code and transferring it all obfuscated. A rare bird will want to restore its functionality

R
Rafael Osipov, 2012-11-01
@Rafael

Alternatively, break the project into several modules. Modules that you do not want to open, let them live on your hosting and only some of your API looks outside for calls from outside.
Let a team of third-party developers develop a module that will complement the functionality of the system. And let the developed module communicate with your existing system through web services. After the new module is developed, you will check it for bookmarks and integrate it into the overall system.

A
Alexander Sklyarov, 2012-11-01
@Voron095

He will turn to the original developer of this project, he already knows all his “holes”, or someone “familiar”, which is also not an indicator. There simply cannot be any other options. For example, to sit and monitor work in real time, but then the question arises of expediency;

D
demimurych, 2012-11-01
@demimurych

hide your shell inside your sources.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question