What are the risks of publishing server-side source code in open source? [Closed]

Asked 2 years ago, Updated 2 years ago, 89 views

This question appears to be outside the scope defined in the Help Center for Stack Overflow.

Closed 6 years ago.

6 years ago

I would like to publish the site's repository on Github for student education so that the server side source code can be seen by students and third parties.
Ruby on Rails I have published a repository of websites that I have implemented, and I haven't found any sites that I can actually access with a browser, but do you usually publish the server-side source code of websites?

And what are the possible dangers of publishing the server-side source code and allowing access from all over the world?

The server-side implementation will be completely visible, so I think it will be a good prey for attackers, but I want to make it look like a third party in order to educate on server-side engineering.

security

2022-09-30 19:34

1 Answer

Do you usually publish the source code of the server side of the website?

Yes, there is. It is important to share the source code as multiple people develop and operate the website. I often choose a place where the source code becomes open as a shared place. Github's public repository is a typical example. The same goes for software like WordPress that you install and use.

What are the possible dangers of publishing server-side source code and allowing access from all over the world?

In the end, it's all about "What do you want to protect?" If you give maximum priority to eliminating danger, you can hide everything, and if there is no danger at all, you can expose everything. Depending on the degree of "What do you want to protect?" the percentage of things you hide and expose will naturally change.

In the example of WordPress, there is information that must be hidden for each site, such as the database password, so of course, the source code published in WordPress does not contain any "information that must be hidden." After installation on the site's server, you will have to add the information you need to hide. And it's not the author of WordPress, it's the operator of the site who's responsible for hiding it. If the wp-config.php file is available, it's a very dangerous situation.

The structure of the WordPress database is public information because it is part of the WordPress source code. Anyone in the world can know the structure. Now, if you know the structure, but you can't access the database directly, it's not an immediate danger. It would be nice if the site's operators could protect the site properly, but rather, publish the structure and share it with everyone to speed up WordPress development.

However, crackers around the world are trying to penetrate a variety of software vulnerabilities every day. There is also the idea of not giving as much information as possible to those people. In this case, if WordPress is discovered to be used, it is easy to understand the structure of the database, so the risk of being invaded and the risk of spreading damage after being invaded increases. In this way, you need to avoid choosing WordPress or completely hide that you are using WordPress.

To sum up,

  • What do you want to protect? (Consider the damage if you can't)
  • What do you need to protect it? (Consider ways to hide it)
  • What are the benefits of publishing? (Collaborative development required, 3rd party review/improvement, etc.)

The answer depends on how many factors there are.

I would like to publish the site repository on Github for my students' education so that the server side source code can be seen by students and third parties.

Why don't you consider each of the above three points for the source code in your repository to identify the risks?


2022-09-30 19:34
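The answer's point that published source must not contain "information that must be hidden" (the database password, wp-config.php) can be checked before a repository is made public. The following is an added example, not part of the original answer; the file names, patterns and sample contents are assumptions for a Rails or WordPress style repository.

```python
import re
from pathlib import Path, PurePosixPath

# Heuristic pre-publication check; names and patterns are assumptions.
SECRET_NAMES = {"master.key", ".env", "wp-config.php"}
CONFIG_SUFFIXES = (".yml", ".yaml", ".env", ".php", ".ini", ".json")

# PHP define('X_PASSWORD', '...') or key: value / KEY=value assignments.
ASSIGN = re.compile(
    r"""(?i)(?:define\(\s*['"](?P<php>\w*(?:password|secret|key|salt)\w*)['"]\s*,"""
    r"""|(?P<kv>\w*(?:password|secret|api_key|token)\w*)['"]?\s*[:=])\s*(?P<val>.*)""")
# Values read from the environment at runtime are not secrets in the repo.
INDIRECT = re.compile(r"ENV\[|ENV\.fetch|getenv\(|^\$\{?\w+")

def scan_text(path, text):
    """Return (path, line number, key name) for each literal secret value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.search(line)
        if not m or line.lstrip().startswith(("#", "//", "*")):
            continue  # no assignment on this line, or a comment line
        value = m.group("val").strip().strip("'\";,)")
        if value and not INDIRECT.search(value):
            findings.append((path, lineno, m.group("php") or m.group("kv")))
    return findings

def scan_tree(files):
    """files maps a repository-relative path to that file's text."""
    findings = []
    for path, text in sorted(files.items()):
        if PurePosixPath(path).name in SECRET_NAMES:
            findings.append((path, 0, "secret file"))  # should not be published
        if path.endswith(CONFIG_SUFFIXES):
            findings.extend(scan_text(path, text))
    return findings

def load_tree(root):
    """Read a working tree from disk, skipping the .git directory."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_text(errors="ignore")
            for p in root.rglob("*") if p.is_file() and ".git" not in p.parts}

# Constructed sample repository (all values are made up).
SAMPLE = {
    "config/database.yml": 'production:\n  username: app\n  password: <%= ENV["APP_DB_PASSWORD"] %>\n',
    "config/master.key": "constructed-not-a-real-key\n",
    "config/staging.yml": "db:\n  password: hunter2-constructed\n",
    "wp-config.php": "<?php\ndefine('DB_PASSWORD', 'constructed-pw');\n",
}
```

Calling scan_tree(load_tree(".")) runs the same check on a real working tree. A secret that was committed earlier stays in the Git history after the file is deleted, so run the check before the first public push and rotate anything it finds.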
