Reply to Source code security when using Cloudron on Thu, 13 Jun 2024 10:07:06 GMT

girish — Thu, 13 Jun 2024 10:07:06 GMT

When you say 'source code all websites', maybe you mean WordPress and LAMP websites? If so, ignore this comment. But source code of all cloudron packages and the final built images is all public - https://hub.docker.com/u/cloudron . you don't even need server credentials or install Cloudron for that matter to see the source code of apps.

For WP/Lamp, I consider the websites themselves as "data" and "configuration" and not "source code".

Reply to Source code security when using Cloudron on Thu, 13 Jun 2024 09:28:28 GMT

fbartels — Thu, 13 Jun 2024 09:28:28 GMT

@zonzonzon said in Source code security when using Cloudron:

can they access the source code of all websites installed on Cloudron?

Yes, as soon as someone has physical access to a server they will have means to also see what is stored on disk. The only way around this would be full disk encryption, but during the runtime of the server the data is still decrypted which means as long as the server is running data is readable and only becomes inaccessible upon reboot (up until you enter the decryption passphrase).

Or you are using an app that implements end to end encryption. If you're developing wordpress apps and you are concerned about someone stealing your source, then maybe obfuscation would be a means, but this only makes it harder still not impossible.