Mentions the issue of host-based security. To the end user, the web server is an untrustable black box.
Would it provide the needed transparency to make host-based security trustable if your users could read the live server-side code that runs the site?
So, for instance, besides accessing example.com/default.aspx in your browser and getting the response, what if you opened up read-only FTP access and allowed the code in default.aspx to be read? Would that make your code open to review, and trustable? (Kind of like how open source projects are considered more trustworthy because there's nowhere to hide back doors or badly written security code.)
Is it feasible to do this?
This is feasible to set up. But it only superficially solves the problem.
It doesn't necessarily create extra trust. Why? It's not too hard to redirect FTP to another server (or to another folder). An untrusting user could claim that you have set up two servers; one with the live, malicious code and one with innocuous code. You direct FTP requests to the innocuous server, and let the web server run the malicious code. Remember, you get to choose what they see when they ask for an FTP connection. Spoofing it isn't too complicated.
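As an added illustration of the point above (not part of the original answer), here is what the "redirect FTP to another folder" setup looks like in practice. The configuration is a hypothetical vsftpd anonymous read-only setup whose exported root is a different directory from the one the web server actually executes; the directory paths and the web server's DocumentRoot are assumptions chosen for the example.

```ini
# /etc/vsftpd.conf (illustrative, not from the original page)
# Anonymous, read-only FTP: visitors can fetch files but never write.
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

# The directory exported to FTP clients. Nothing ties this to the web
# server's document root: the site below is assumed to run from
# /var/www/live (e.g. Apache "DocumentRoot /var/www/live"), while FTP
# users see /srv/published. The operator can keep the two in sync, or not.
anon_root=/srv/published

# Prevent directory listings from revealing anything about the host layout.
hide_ids=YES
```

The check a reviewer would want is exactly the one this configuration shows cannot be done from outside: the client has no way to confirm that `anon_root` and the web server's document root are the same directory, or that the files in them are the same bytes, because both answers come from the party being audited.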