This answer (https://security.stackexchange.com/a/37319/10574) mentions the issue of host-based security. To the end user, the web server is an untrustable black box.
Would it provide the needed transparency to make host-based security trustable if your users could read the live server-side code that runs the site?
So, for instance, besides accessing example.com/default.aspx in your browser and getting the response, what if you opened up read-only FTP access and allowed the code in default.aspx to be read? Would that make your code open to review, and trustable? (Kind of like how open source projects are considered more trustworthy because there's nowhere to hide back doors or badly written security code.)
Is it feasible to do this?