Vulnerability Development mailing list archives
Re: windows scripting encoder
From: Doru Petrescu <pdoru () kappa ro>
Date: Wed, 8 Nov 2000 08:19:39 +0200
BTW, Cold Fusion offers the same functionality. They use a well know algorithm with a hardcoded encryption key. Someone found a way to undo this about 1-2 years ago. I sow the program on bugtraq. This is not a solution ... it is just making things a little more complicated for the average stupid user. But at least will prevent stupid customers that have no idea about ASP/PERL/ColdFusion to make stupid mistakes and alter the code and then say the script is broken. Best regards, ------ Doru Petrescu KappaNet - Senior Software Engineer E-mail: pdoru () kappa ro LINUX - the choice of the GNU generation
Since a friend of mine told me they use the windows scripting encoder to obfuscate their asp code before giving it to customers, I decided to take a look at it. It turned out to be extremely trivial. Of course this is just encoding and is, as ms says themselves, not a real protection of asp code. However I find it a bit misleading to present this as an option to 'protect your sourcecode from prying eyes', since it really is totally simple. I think it creates a false sense of 'security' by hiding your source code that just encourages sloppy coding practises. I'd be curious to know if anyone is actually using this or ever looked at it.
[...snip...]
I'm not really sure how serious this is. I suppose no sane person would use this scripting encoder and assume noone could read the code on their website or that customers can't read the code you wrote for them. However I'm kind of wondering why this functionality is offered at all then.
Current thread:
- windows scripting encoder Stephanie Wehner (Nov 08)
- Re: windows scripting encoder Doru Petrescu (Nov 08)
- Re: windows scripting encoder Stephanie Wehner (Nov 09)
- Re: windows scripting encoder Doru Petrescu (Nov 09)
- Re: windows scripting encoder Stephanie Wehner (Nov 10)
- Re: windows scripting encoder Doru Petrescu (Nov 10)
- Re: windows scripting encoder Stephanie Wehner (Nov 09)
- Re: windows scripting encoder Doru Petrescu (Nov 08)