Vulnerability Development mailing list archives

Re: windows scripting encoder


From: Doru Petrescu <pdoru () kappa ro>
Date: Wed, 8 Nov 2000 08:19:39 +0200

BTW, Cold Fusion offers the same functionality. They use a well-known
algorithm with a hardcoded encryption key.

Someone found a way to undo this about 1-2 years ago. I saw the program on
Bugtraq.

This is not a solution ... it is just making things a little more
complicated for the average stupid user. But at least it will prevent stupid
customers that have no idea about ASP/PERL/ColdFusion from making stupid
mistakes and altering the code and then saying the script is broken.


Best regards,
------
Doru Petrescu
KappaNet - Senior Software Engineer
E-mail: pdoru () kappa ro                LINUX - the choice of the GNU generation



Since a friend of mine told me they use the windows scripting encoder
to obfuscate their asp code before giving it to customers, I decided
to take a look at it. It turned out to be extremely trivial.

Of course this is just encoding and is, as MS says themselves, not
a real protection of asp code. However I find it a bit misleading to
present this as an option to 'protect your sourcecode from prying eyes',
since it really is totally simple. I think it creates a false sense of
'security' by hiding your source code that just encourages sloppy coding
practices. I'd be curious to know if anyone is actually using this or
ever looked at it.

[...snip...]

I'm not really sure how serious this is. I suppose no sane person would
use this scripting encoder and assume no one could read the code on their
website or that customers can't read the code you wrote for them. However
I'm kind of wondering why this functionality is offered at all then.

