
Soon I will be hiring some freelancers to continue a project with me.

The project has been created with:

  • Client: HTML, CSS, JavaScript, PHP
  • Server: C#.NET
  • Database: MySQL

Just as a security precaution I want to take steps to prevent theft of the code.

Is it possible to protect this, and if so what steps should I take?

Edit: these will be remote workers.

  • Do the remote workers know each other? If not, you could perhaps ensure that no one gets all the system code.
    – morsor
    Commented Mar 1, 2017 at 11:20
  • I don't think they will know each other.
    – Terry
    Commented Mar 1, 2017 at 11:40
  • What about NDA?
    – user16080
    Commented Mar 1, 2017 at 18:13
  • Not about freelancing, might be more suitable for security.stackexchange.com
    Commented Mar 2, 2017 at 10:27
  • @user3244085 I think this question falls under the scope of freelancing; for example, NDAs are a valid answer to this question, but NDAs aren't really a relevant topic at the security SE (as far as I know).
    – user45623
    Commented Mar 2, 2017 at 21:41

5 Answers

Score: 5

Many years ago, I worked for a few years together with an experienced programmer. He told me that when he needed others to help him with software development, and he didn't want to reveal the code to them (so they couldn't copy, steal or resell the code or any part of it), he used to give them precise tasks to do without letting them know about the general project, in this way: "write a function (or library) that takes this input in this format [...], and that returns this output in this format [...]". They didn't even understand what it was about or for. But I don't know if that is suitable in your case.

Score: 1

There is very little you can do about a remote worker having the code they work on - unless you make them work in a remote desktop environment set up to prevent copy-pasting code to their actual location (if that is even possible).

If your goal is to prevent someone reselling the entire product, you could split the work so no one ever has the complete picture. The downside will very probably be added workload due to miscommunication and problems tying everything together.

However, if the delivery essentially is a one-of-a-kind custom product that cannot be reused at another client without major rewriting, I would ignore the risk - because others just having that code doesn't take away business from you.

As a side note, the remote coders will hopefully learn new techniques during the project - and I personally believe they should be allowed to reuse such code later. After all, you are profiting from their past experiences.

Score: 0

On the legal side, you have your remote developers sign a non-disclosure agreement. A properly written NDA will prohibit them from stealing your code or disclosing it to others and will generally establish your right to sue them if they violate the NDA. You should consult a lawyer for this, but you might be able to find sample NDAs online to help you get started.

As far as physical prevention methods to make it impossible for them to steal the code, there isn't much you can do, although it can help to put different sections of the code in separate repositories (e.g. HTML in one repo, PHP in another repo) and only give each developer access to the section they're working on.

  • @terry Also important in general with multiple developers, especially when they work in isolation, as remote workers do, are clearly defined interfaces and standards. Having them in place before deploying the team will help in segmenting the project, which aids in protecting your code base from them as well.
    – user16080
    Commented Mar 2, 2017 at 3:04
Score: 0

It is indeed pretty difficult to prevent them from using the source code they have had access to.

As a minimum precaution, state explicitly in the contract with them that they cannot use the code for other purposes and have to destroy any copies at the end. Even better, announce what the penalty would be in case of infringement.

If you are really paranoid, you can tag the code with discrete strings that encrypt your name, making sure that they end up in the executables, to serve as evidence of hijacking.
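One way to put that tagging idea into practice, as an added example that is not from the answer's author: the tag is an HMAC of the owner's name under a private key, so it neither reveals the name nor can be forged by someone without the key, and it is later searched for in a suspect build. The owner name, project name, key and the "suspect" artifact bytes below are constructed sample values.

```python
import hashlib
import hmac

def make_watermark(owner: str, project: str, key: bytes, index: int = 0) -> str:
    """Derive an opaque tag from the owner's name under a private key.

    HMAC is one-way, so the tag does not reveal the name; only the key holder
    can regenerate it, so a third party cannot forge a matching tag; and it
    looks like an ordinary build identifier, so it is unlikely to be stripped
    on sight. `index` yields several distinct tags so that deleting one copy
    does not remove all the evidence.
    """
    msg = f"{owner}:{project}:{index}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"BUILD_{digest[:24]}"

def embed_watermark(source: str, tag: str) -> str:
    """Plant the tag as a public string constant (C# shown, matching the
    question's server language) so the compiler carries it into the assembly;
    a comment would be discarded and would prove nothing in the shipped binary."""
    return f'public const string BuildId = "{tag}";\n' + source

def count_watermarks(artifact: bytes, owner: str, project: str,
                     key: bytes, n_tags: int) -> int:
    """Evidence check: how many of the owner's planted tags a suspect artifact
    contains. Each tag is regenerated from the private key and scanned for."""
    return sum(
        1 for i in range(n_tags)
        if make_watermark(owner, project, key, i).encode() in artifact
    )

if __name__ == "__main__":
    # Constructed sample values; the real key must stay private to the owner.
    owner, project, key = "Terry", "example-project", b"owner-private-key"
    tags = [make_watermark(owner, project, key, i) for i in range(3)]
    stamped = embed_watermark("class Api { }\n", tags[0])
    # Constructed stand-in for a compiled artifact found in the wild,
    # carrying two of the three planted tags.
    suspect = b"MZ\x90\x00...\x00" + tags[0].encode() + b"\x00" + tags[2].encode()
    print(stamped)
    print("tags found:", count_watermarks(suspect, owner, project, key, len(tags)))  # 2
    print("tags found:", count_watermarks(b"unrelated build", owner, project, key, 3))  # 0
```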

Score: 0

Large financial firms use tools like Citrix to provide a desktop environment remotely. They configure Citrix to prevent copy/paste across the gap between client and server.

This enables workers to "see" their work, but not export it. Similarly, they block outgoing web requests, etc.

The reality is that you probably cannot do this - it is a stupefyingly difficult and cumbersome task, and requires pretty much a dedicated department.

If you're just trying to protect code that you wrote from being copied, your best bet is probably to break out your workers into silos, and break your code across multiple repositories: client, server, database, etc.

You can then unite the code during the build process, but restrict individual users to only accessing one or two repos.
