Balaji Loganathan wrote: Thanks Lasse.
They are all ROR web applications. What I am feeling insecure about is the ability to see the actual source code by anyone who got access to the server box.
Right now I protect the webapp folder access using Linux user group options.
Balaji Loganathan wrote: Hi Gregory,
We have been developing Ruby on Rails projects for quite a while and one thing that kind of scares us is "source code exposure". Coming from a J2EE background, I wasn't much worried about "source code exposure" as Java files were compiled to .classes (and we can further even obfuscate as well).
Could you please suggest to me what could be the best approach to protect the Ruby/Rails source code? Should we protect it or not, and so on?
Balaji D Loganathan
Gregory Brown wrote:
Balaji Loganathan wrote:
At the end of the day, I think that what you need is some decent terms of service to keep your customers honest, a good security policy at your web host, and basic common sense practices as to where and how you store your source. Obfuscating or protecting it is probably more trouble than it's worth, and you might end up spending a lot of time fighting demons that don't really exist.
Anyway, I hope this answer was helpful, even if it may not have been what you were hoping for.
Thanks Greg. I agree with you that it's better to come up with decent terms of service.
It is just my feeling that if I am making an instance of an enterprise application at a customer's place (say my own implementation of shopping cart checkout like SpreeCommerce), then it won't take days for someone at the customer's place to replicate my product by just looking at the core Ruby code.
Java provides at least some level of startup trouble while stealing someone else's core code.
Rusty Shackleford wrote: I think it is a non-issue.
It is not that difficult to replicate the contract of any method. Your code is copyrighted, so that will stop most people from copying and pasting your code. The bad guys are almost always terrific programmers, so they can easily reverse engineer your code no matter what you do or just figure out what a method is doing and just write their own version.
How many millions of dollars does a company like Microsoft spend to try and stop this? Their code is always cracked and broken in short order. All without source code.