Last post Oct 01, 2013 07:51 AM by Mikesdotnetting
Sep 30, 2013 09:02 AM|DMT20601|LINK
Design question for Webmatrix.
Moderator: If this needs to be in a Webmatrix design forum please move it accordingly.
From time to time had worked in the garment industry. Within that industry is this formula about pattern cutting. It’s not to complex but it does have issues. I got it figured out and would like make it available on the web, for a small fee, of course.
The user signs up for a $10 membership and then gets prompted for arguments supplied to the formula. As long as the membership is current the formula is easily available, from any browser, 24/7.
Basically the formula asks for 5 numbers, then does the calculation and returns a single decimal result. It would be a function something like
Result = SuperFormula( 1, 2, 3, 4, 5) where Result being 15, after adding each argument together.
One of the issues, Result can already be known, before the function is launched. That is, SuperForumula has to be smart enough to understand / recognize one of its arguments is missing/unknown: Result
= SuperFormula (1, ,3 ,4 ,5) where Result is still 15.
I can figure out how to validate and evaluate each argument and get that all cleaned up.
The question is how to protect the SuperFormula.
This SuperFormula is so industry specific that interested parties like competitors, even off-shore would like to know the formula. So how would I protect SuperFormula. I know the website is going to get hacked. Again how can I protect SuperFormula,
not the function, but the formula?
Could Webmatrix with its limit access underscore Filename (_PageStart) and special folders ( App_Code) be used to protect the formula or should I build a .dll or build something encrypted?
Thanks in advance.
Dallas in Maryland
Sep 30, 2013 03:01 PM|beetledev|LINK
I wouldn't trust the underscore naming to protect your secret code. That file with an underscore will still be on your server in plain text so if someone gets access to your server's file system they will be able to get that code easily.
Sep 30, 2013 03:15 PM|Mikesdotnetting|LINK
No one can acces the content of App_Code via a browser. It is one of the special ASP.NET folders that have been configured not to allow direct browsing. So if all you are concerned about is the potential for someone to access SuperFormula's source code via
a browser, you have nothing to fear there.
However, that doesn't prevent access via the server file system. If you have total control over the server, the security will be as good as you can configure. If you don't, you have to rely on the competence/honesty of others. Then you may well want to consider
putting your SuperFormula into a class library, and using an
obfuscator to hide the resulting code from disassemblers.
Oct 01, 2013 07:21 AM|DMT20601|LINK
Thanks for your insight. (without having total control over the server) I got a suggestion to compile the calculation in to a desktop .exe or .com object (?) and install that on the server. With that installed, have the Webmatrix IsPost() code block
call that object and pass/return the arguments. That way, their wouldn't be any source code on the server. Would the .exe be stored in the bin folder of the website or would it be stored in a server folder?
Oct 01, 2013 07:51 AM|Mikesdotnetting|LINK
I got a suggestion to compile the calculation in to a desktop .exe or .com object (?)