How to protect when going from Internet to intranet?

[staeri]

I have a web application developed in ASP.NET 2.0 with SQL Server 2005.
The application is on a hosted server accessible from Internet.

I have a potential customer who insists on having the application
hosted on their own web server and SQL Server and I'm very worried
about someone stealing the application or database. I'm not so worried
about their own people doing this, but I know that other
suppliers/consultants have access to the servers and I don't trust
them.

What kind of necessary security steps should I think of if an intranet
solution should be acceptable for me?

Regards,

S

 

[John Timney \(MVP\)]

You first have to question whether turning down their request would be an
option, or if they are prepared to host it on a machine you are responsible
for and can access and manage remotely, removing any potential access from
competitors. What can you do via agreement that the app wont be accessible
to other consultants, and how would you/they enforoce that to assure you?

If you are up against a wall then you should probably start by looking at
how you compile your application into a single assembly, so even if it was
stolen there would be a fair bit of work to try and get access to any code.
West Wind have written a nippy little front end to the asp.net compiler to
make the job easier.
http://www.west-wind.com/tools/aspnetcompiler.asp. Also, consider
watermarking your code, so a hidden method can be called to show that its
your code if you think its been deployed elsewhere.

--
--
Regards

John Timney (MVP)
VISIT MY WEBSITE:
http://www.johntimney.com
http://www.johntimney.com/blog