I'm just getting started with Ruby on Rails development and I have a question concerning source code "privacy".
From what I know so far (I have not done a deployment yet, only used RoR in a local development environment), when a RoR application is deployed, all the source code is "visible" on the server?
How can I protect my code, so to speak? By protection I mean mainly that someone (such as a server administrator on a RoR provider) would not be able to "sabotage" the code by easily figuring out what place in the code to "fiddle with".
How do sites like Shopify, Yellowpages etc. that use RoR, ensure that their code isn't "sabotaged"?
UPDATE: What I'm really looking for is this: suppose I have some code that's doing credit card transactions. I don't want some rogue employee reading "plain text source code" and sabotaging my website, say by reading my source code and then charging every one of the signed-up users $10 as a gag. How do I prevent that sort of thing?
Similar to Matt Briggs's point: if you don't trust your web host, you're addressing the wrong problem. If your web host wants to steal your data, cripple your website, redirect your users, etc., nothing can stop them. Even if the code is fully compiled binary code written in assembler, your admin could still find a hack, replace resources, or replace your code altogether. Moral of the story: find a web host you trust, and don't bother obfuscating your code.
From my experience, when you sell a product that deploys to a customer's server, I use
It works on many platforms from its loader. But like others said, Rails should be open.
I highly doubt a reputable hosting service will fiddle with your code. They are busy enough running their servers. And if they wanted to, there's not much you can do to stop them. Code obfuscation (in any language) is a silly thing to do.
Regarding your security concerns, I just hope you are not going to be storing any credit card information on your website. You must comply with PCI standards in order to do that, and that's not an easy thing to accomplish. Storing CC info without being PCI compliant is illegal.
So you will have to use a payment gateway (like PayPal or Authorize.net) for your payments, and I believe the user will be able to see what they are being charged.
I think that this is what you are looking for:
http://rubyencoder.com/overview.html
A hosting company will never ever touch or investigate your code, unless you are doing things that hurt their server (like infinite loops, eating away all CPU), and even in that case they will just block that page or URL.
I can imagine if you deploy your application to an intranet of a company, and they also have their developers, that one might be afraid to lose out on maintenance and support fees because they would take over themselves. But those things you cover with contracts.
The people having direct access to your Ruby source code are supposed to be co-workers or partners, where there is a clear business relationship, and normally this business relationship is worth more. If you do not trust your co-workers or the people you work with or for, then I think you should reconsider your position.
I even believe that being as loose as possible with clients (here is the source, you can edit it if you want) generally makes them trust you even more and makes them more likely to call you back.
At the end of the day, there is trust involved. If your admin wants to screw you, he will, and obfuscation won't do much to stop him.