Are you concerned at all with your web host having access to all of your files and being able to essentially download your entire web app?
No.
What steps can you take to protect yourself?
None.
If you can't trust your web host, you're doomed and need to change providers immediately. It's impossible to protect a web site from the administrator(s) who maintain the server it runs on.
It's like if you are a business hiring a bookkeeper or sysadmin - they can't do their job if they don't have access to the company's financial records, or computer systems, respectively. You have to be able to trust that those people don't steal your company secrets.
I am interested in knowing how to protect the custom developments I've made to a WordPress powered site?
Not to put down the value of your work and all, but chances are nobody cares about them. There's a lot more to a custom development than having the code - you also need somebody who understands it and can work with it. I don't think code theft from commercial hosting platforms is much of an issue.
您可以使用各种加密引擎(例如 Zend for PHP)加密您的应用程序。或者,您始终可以在将代码上传到网络主机之前对其进行混淆。
You can encrypt your applications using various encryption engines such as Zend for PHP. Or you could always obfuscate your code before uploading it onto your web host.
There is nothing you can do to stop your web host from being able to see your files. It's their server after all, and they have root access to it.
Generally, nobody cares about your shared-hosting site enough to go poking around in the code. Sorry, but it's true. If you get large enough that it matters, you'll be running your own servers which only you have access to.
The best defense against hosts that might do something sketchy is to look for reviews of the hosting, and solicit recommendations from friends and other trusted colleages.
发布评论
评论(4)
不。
没有任何。
如果您不能信任您的网络托管服务商,那么您就注定失败,需要立即更换提供商。不可能保护网站免受维护其运行的服务器的管理员的攻击。
这就像如果您是一家企业雇用簿记员或系统管理员 - 如果他们无法分别访问公司的财务记录或计算机系统,他们就无法完成自己的工作。您必须能够相信这些人不会窃取您的公司机密。
并不是要贬低你的工作和一切的价值,但很可能没有人关心它们。定制开发不仅仅是拥有代码 - 您还需要一个理解代码并可以使用它的人。我认为商业托管平台的代码盗窃不是什么大问题。
No.
None.
If you can't trust your web host, you're doomed and need to change providers immediately. It's impossible to protect a web site from the administrator(s) who maintain the server it runs on.
It's like if you are a business hiring a bookkeeper or sysadmin - they can't do their job if they don't have access to the company's financial records, or computer systems, respectively. You have to be able to trust that those people don't steal your company secrets.
Not to put down the value of your work and all, but chances are nobody cares about them. There's a lot more to a custom development than having the code - you also need somebody who understands it and can work with it. I don't think code theft from commercial hosting platforms is much of an issue.
您可以使用各种加密引擎(例如 Zend for PHP)加密您的应用程序。或者,您始终可以在将代码上传到网络主机之前对其进行混淆。
You can encrypt your applications using various encryption engines such as Zend for PHP. Or you could always obfuscate your code before uploading it onto your web host.
如果您不信任您的网络主机,请勿使用它们。
不可能保护代码免受拥有硬件并拥有服务器管理权限的敌人的攻击。
If you don't trust your webhost, don't use them.
It is impossible to secure code against an enemy who owns the hardware and has administrative permissions on the server.
您无法阻止网络主机查看您的文件。毕竟这是他们的服务器,他们拥有根访问权限。
一般来说,没有人足够关心你的共享托管网站来研究代码。抱歉,但这是真的。如果您的规模足够大,那么您将运行自己的服务器,只有您可以访问。
针对主机可能做一些粗略的事情的最佳防御方法是寻找主机的评论,并征求朋友和其他值得信赖的同事的建议。
There is nothing you can do to stop your web host from being able to see your files. It's their server after all, and they have root access to it.
Generally, nobody cares about your shared-hosting site enough to go poking around in the code. Sorry, but it's true. If you get large enough that it matters, you'll be running your own servers which only you have access to.
The best defense against hosts that might do something sketchy is to look for reviews of the hosting, and solicit recommendations from friends and other trusted colleages.