[200 OK]: A Port80 Software Blog

We're all 200 OK: Web, HTTP and IIS Insights

The Point of Server-Side Source Protection

Last time, we talked about how obfuscation is becoming more important to JavaScript developers. 

It just makes plain sense. If you go and develop some massive Ajax-style JavaScript application, you don't want people to be able to swipe it so easily. With w3compiler, we spent some time thinking about the problem, but these days we are thinking much more globally. Today, we think the same protection really ought to be applied server-side as well. Encrypt your ASP, ASP.NET, PHP, etc. source! What's the point? Why wait? It's on your box, right?

Well, not soooo fast there, campers.

Consider what is often found in these files... not only your source code but often connection strings and logins to a backend database. If a malicious user can figure out how to get your code dumped as text, either via a server bug or some application exploit, they have just gotten one more level inside your Web fortress. So, however they may try to crack your frontline Web server, don't give them any more than they need to see -- encrypt and obfuscate your server-side source.
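As an added example (not part of the original post and not a Port80 product), here is a Python check a site owner could run over a Web root to find the plaintext connection strings and logins described above. The rules, file extensions and sample files are constructed assumptions, and the matching is heuristic.

```python
import os
import re

# Heuristic rules (assumptions); each exposes the credential as group "secret".
RULES = [
    ("connection-string password",
     re.compile(r"""[;"']\s*(?:password|pwd)\s*=\s*(?P<secret>[^;"'\s]+)""", re.I)),
    ("literal password passed to mysql_connect",
     re.compile(r"""mysql_connect\s*\(\s*[^,]+,\s*[^,]+,\s*["'](?P<secret>[^"']+)["']""", re.I)),
]
SOURCE_EXTS = (".asp", ".aspx", ".php", ".inc", ".config")

def scan_text(name, text):
    """Return (file, line number, rule, masked line) for each plaintext credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES:
            m = rx.search(line)
            if m:
                # Mask the value so the report does not leak the secret again.
                masked = line[:m.start("secret")] + "***" + line[m.end("secret"):]
                findings.append((name, lineno, rule, masked.strip()))
    return findings

def scan_tree(root):
    """Scan server-side source and config files under a Web root."""
    findings = []
    for folder, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(SOURCE_EXTS):
                path = os.path.join(folder, f)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings += scan_text(path, fh.read())
    return findings

# Constructed sample files; hosts, accounts and passwords are made up.
SAMPLES = {
    "default.asp": 'conn.Open "Provider=SQLOLEDB;Data Source=db01;User ID=webapp;Password=Example123;"',
    "db.php": '<?php\n$link = mysql_connect("db01", "webapp", "Example123");',
    "login.php": '<?php\nif ($password == $stored) { session_start(); }',
    "web.config": '<add name="Main" connectionString="Server=db01;Uid=webapp;Pwd=Example123;" />',
    "protected.config": '<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">\n<EncryptedData>(ciphertext)</EncryptedData>\n</connectionStrings>',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for finding in scan_text(name, text):
            print(finding)
```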

In fact, if Port80 had our own way, we might even develop a program that made sure that such files were decrypted and run properly.  We might even go further and try to monitor files for manipulations and defacements.  Does this sound like an interesting product or more trouble than it's worth?

Tell us whatcha think
 
Editor’s Note: If you are attempting to sell server-side Web code, you probably have already utilized a bunch of obfuscation and encryption systems for PHP or whatnot, but we argue in this post that, for security reasons, maybe this should be done on any site. Hey, what do we know?

posted on Thursday, July 07, 2005 5:32 PM

Feedback

# re: The Point of Server-Side Source Protection

ASP.NET 2.0 has a new configuration settings API that allows encryption of sensitive settings like connection strings, etc.
7/11/2005 1:47 PM | anonymous
