How secure is my application source code on heroku?

whitenexx picture whitenexx · Jun 20, 2012 · Viewed 7k times · Source

I want to migrate my webapp from cloudfoundry to heroku. But there is still one thing i'm confused about.

Everytime you want to deploy your application to heroku, you've to push your source code to their git repository. How secure is this repository? What if i don't want to give my source code into someone others hands?

What's your opinion about that?

Answer

Todd A. Jacobs picture Todd A. Jacobs · Jun 20, 2012

The Problem

You aren't understanding how interpreted languages or hosting providers work. If you're using an interpreted language like Ruby, you need to have your source on the service platform. Even if your code is compressed, obfuscated, or byte-compiled, it has to be on the service platform to be served up, so this is going to be a problem for you with any language or hosting provider.

You're also not understanding the nature of byte code. A byte code interpreter can read your files. In addition, there are Java decompilers out there to turn byte code back into source code. A search Stack Overflow will show you posts discussing Java decompilers. Unless you think "security through obscurity" is useful, you should probably stop thinking of your byte code as secure in any meaningful way.

The Solutions

  1. Build good software, run a good business, and don't lose sleep worrying about someone copying your for-loops. This is probably your easiest solution.
  2. If you don't trust hosting providers or co-location facilities, then you'll have to host your own files internally. Even then, you'll have to trust someone to maintain the systems, unless you plan to do it all yourself.
  3. Consider some tin-foil haberdashery.

Git repositories on Herku are not public repositories like you'd find on GitHub. It's no less "safe" than transferring your files around by any other means, and certainly more secure than the usual FTP uploads on many service platforms.

Security is always a trade-off. It's definitely important, but unless you've defined a better threat model than general distrust, you won't be able develop adequate controls.