Security Basics mailing list archives
RE: ASP Pages
From: "Chad" <ncm () xs4all nl>
Date: Tue, 17 Jun 2003 21:45:56 +0200
We are currently developing a project management system in ASP, and I am a little concerned about code stealing. Given that the asp pages are visible to everyone, how difficult is it for someone to download the actual asp code? (As opposed to the html that the page generates).
Your ASP code should be pretty safe as long as you have not used extensions like .INC for your include files, because these files, if run, will show the underlying code.
Also, there is the option for installing the site on a clients server. Is there any way to encrypt this so that the server can read it, but the clients cannot?
Microsoft provide a scripting encoder (MS Script Encoder) which encodes your ASP code into unreadable format, which is still parsed correctly, but its very easy to decode using commonly available decoders, but then again this requires the culprit to actually get to the source code. If you really want to protect the source on a client's server, in my opinion, put the core ASP code into a DLL, or DLL's. There are some utilities out there, ASP2DLL comes to mind (http://xde.net/xq/tool.xdeasp2dll/qx/index.htm). The main problem with this is usually if you make any changes in the ASP, the DLL needs to be updated, compiled & replaced on the server. hth Chad --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- ASP Pages Benjamin Meade (Jun 16)
- RE: ASP Pages Fred Dirkse - OIC Group, Inc. (Jun 16)
- Re: ASP Pages M. Zeeshan Mustafa (Jun 16)
- RE: ASP Pages exon (Jun 17)
- Re: ASP Pages securitybasics (Jun 16)
- Re: ASP Pages Ernie Nelson (Jun 16)
- RE: ASP Pages Chad (Jun 17)
- Re: ASP Pages ATD (Jun 24)
- <Possible follow-ups>
- RE: ASP Pages Andrew Helsby (Jun 16)
- RE: ASP Pages wjnorth (Jun 16)
- RE: ASP Pages Michael Dunn (Jun 17)
- Re: ASP Pages Bill (Jun 17)
- RE: ASP Pages Fred Dirkse - OIC Group, Inc. (Jun 16)