Ruby on Rails 源代码安全/混淆 [英] Ruby on Rails source code security / obfuscation
问题描述
我刚刚开始使用 Ruby on Rails 开发,我有一个关于源代码隐私"的问题.
I'm just getting started with Ruby on Rails development and I have a question concerning source code "privacy".
据我目前所知(我还没有做过部署,只在本地开发环境中使用过 RoR),当部署一个 RoR 应用程序时,所有的源代码都是可见的"在服务器上?
From what I know so far (i have not done a deployment yet, only used RoR in a local development environment), that when a RoR application is deployed, all the source code is "visible" on the server?
我如何保护我的代码;可以这么说?我的意思是,主要目的是让某人(例如 RoR 提供商的服务器管理员)无法通过轻松找出代码中的哪个位置来破坏"代码与".
How can I protect my code; so to speak? By protection I mean, the main purpose being that someone (such as a server administrator on a RoR provider) not being able to "sabotage" the code by easily figuring out what place in the code to "fiddle with".
Shopify、Yellowpages 等使用 RoR 的网站如何确保其代码不被破坏"?
How do sites like Shopify, Yellowpages etc. that use RoR, ensure that their code isn't "sabotaged"?
更新我真正想要的是,假设如果我有一些进行信用卡交易的代码,我不希望一些流氓员工阅读纯文本源代码"并破坏我的网站,比如说通过阅读我的源代码,然后向每个注册用户收取 10 美元作为噱头.我如何防止这种事情发生?
UPDATE What I'm really looking for is, suppose if I have some code that's doing Credit Card transactions, I don't want some rogue employee reading "plain text source code" and sabotaging my website, say by reading my source code and then charging everyone of the signed-up users $10 as a gag. How do I prevent that sort of thing?
推荐答案
与 Matt Briggs 的观点类似,如果您不信任您的虚拟主机,那么您就是在解决错误的问题.如果您的虚拟主机想要窃取您的数据,瘫痪您的网站,重定向您的用户等,没有什么可以阻止他们.即使代码是用汇编程序编写的完全编译的二进制代码,您的管理员仍然可以找到黑客、替换资源或完全替换您的代码.这个故事的寓意,找一个你信任的网络主机,不要费心混淆你的代码
Similar to Matt Briggs's point is that if you don't trust your web host, you're addressing the wrong problem.If your web host wants to steal your data, cripple your website, redirect your users, etc., nothing can stop them. Even if the code is fully compiled binary code written in assembler, your admin could still find a hack, replace resources, or replace your code altogether. Moral of the story, find a web host you trust, don't bother obfuscating your code
这篇关于Ruby on Rails 源代码安全/混淆的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
