-----Original Message-----
From: Benjamin Meade [mailto:[EMAIL PROTECTED]
Sent: 16 June 2003 07:51
To: 'Security-Basics'
Subject: **Mailing-list ms-secnews (Security focus): ASP Pages
--------------Forwarded by SpamMotel--------------
--------------------------------------------------
--from "Benjamin Meade" <[EMAIL PROTECTED]>--
--reply [EMAIL PROTECTED]
Spam Motel address created on 2002-06-20 11:48:38
This Message received on Mon Jun 16 11:41:50 EDT 2003
Last Message received on 2003-06-16 11:41:35
No. 17 Messages Forwarded: 6559 Messages Received: 6559
*** ms-secnews (Security focus) ***
[EMAIL PROTECTED]
--------------------------------------------------
Hi all,
>We are currently developing a project management system in ASP, and I am
>a little concerned about code stealing. Given that the asp pages are
>visible to everyone, how difficult is it for someone to download the
>actual asp code? (As opposed to the html that the page generates).
As long as you don't have shares on the web server open to people to connect to and
have removed sample applications on the server and run iislock down then you should be
ok to stop them downloading the code.
>Also, there is the option for installing the site on a clients server.
>Is there any way to encrypt this so that the server can read it, but the
>clients cannot?
Only by putting ntfs security permissions on the clients server so only the webserver
can access it, but the client would have to do it, and they could easily remove it by
taking ownership....of course they'd need a logon and/or network connectivity to the
box.....or physical access to the server, boot from a knoppix cd for example and then
look at the web pages bypassing the permissions that way.
Andy
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
