I would like to secure my Rails app source code because we have a
complex application and we install it on our customer sites.
It is in our company's best interest to keep the source code secure
since we have invested a great amount of time and research in
developing the logic/algorithm behind the application.
We evaluated several options (like Rubyscript2exe, etc) and came to a
conclusion that we should enrypt the Rails application source code and
which can be decrypted on the fly to serve application. This will not
allow anyone to look at the code even if the application is running or
if someone get hold of a copy of our source code.
I looked around but couldn't find anything that can do something like
this, ie encryption and decryption of source code something what
ZendGuard does for PHP.
I would appreciate if you have any suggestions or ideas on this.
Good luck waiting for a bytecompiler for ruby, might take a long while though. A good contract or a preconfigured and inaccessible servers are your best option.
I looked around but couldn't find anything that can do something like
this, ie encryption and decryption of source code something what
ZendGuard does for PHP.
First, it's not encryption. It's byte-code compilation (much like
what you get when using a caching mechanism such as APC).
Second, it can be reversed very easily:
Looks like this one app supports reversing all current PHP "protection" rackets.
I would appreciate if you have any suggestions or ideas on this.
If you want 100% secure code.. put the code on your server, then
unplug the server from the wall.
Thanks for correcting me Greg about byte-code compilation.
I will put forward a very simple analogy here for your second point.
We all know that anyone can break into our house but we still lock it
before leaving our doorstep. Infact some of us take more than one
measure to make sure that the stuff in our house is secure and also to
feel secure.
So I imagine that my company's first step to do something like above
is not that bad a choice.
However, I never mentioned 100% secure code but I guess that was a
great suggestion. I am sure you must have tried that in the past, did
that work? ;o) I think we all would like to know how did you get that
working ;o)