There is another way to encode your ASP scripts.. Microsoft Gives a Script Encoder :
http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873- B1B0-21F0626A6329&displaylang=en This is a simple encoder but good enough for Encoding Purposes... Web hosts and Web clients cannot view or modify your source. Its pretty Neat...Do check it out.. -----Original Message----- From: wong chuin hun [mailto:[EMAIL PROTECTED] Sent: Saturday, July 19, 2003 7:50 AM To: Tim Greer; skate; Eralper YILMAZ; [EMAIL PROTECTED]; 'Security-Basics' Subject: Re: ASP Pages Hi, if u afraid of people stealing your code,what u can do is compile all ur code into a dll. Then register the dll into your server registry. And done ...all ur code are save. ----- Original Message ----- From: "Tim Greer" <[EMAIL PROTECTED]> Date: Fri, 18 Jul 2003 10:00:46 -0700 To: "skate" <[EMAIL PROTECTED]>, "Eralper YILMAZ" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, "''Security-Basics''" <[EMAIL PROTECTED]> Subject: Re: ASP Pages > Correct, that barring any technical/configuration reasons that would show > the ASP code in it's text form would not be possible, there are several > methods which are, such as a user on the same system opening and printing > another user's ASP file's contents, or another ASP, or PHP or CGI, etc. > script on the server that is intentionally allowing people to open and print > file contents (which is often not intentional, though it exists). So, some > things can help, but anything interpreted will still allow someone to obtain > the source code anyway, if they can manage to get that far. This is why > compiling is the best way to protect source code--and I don't know of a way > (personally) to do this in ASP. Note: Don't confuse compiling with > encrypting or obfuscating. > -- > Regards, > Tim Greer [EMAIL PROTECTED] > Server administration, security, programming, consulting. > > > ----- Original Message ----- > From: "skate" <[EMAIL PROTECTED]> > To: "Eralper YILMAZ" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; > "'Security-Basics'" <[EMAIL PROTECTED]> > Sent: Friday, July 18, 2003 9:01 AM > Subject: Re: ASP Pages > > > > no-one can read your asp code without having ftp (or similar) access to > the > > directory, the web server will run anything that it determines is asp, and > > only transmit the output. this is the core of server side scripting. > > > > as an extra, double security, you should put most of the core functions > into > > includes, and have them stored outside the web root. occasionally, the web > > server may have problems and transmit things before running them. i've > seen > > this happen in php anyway when the server is in the process of being > > updated... > > > > ----- Original Message ----- > > From: "Eralper YILMAZ" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>; "'Security-Basics'" > > <[EMAIL PROTECTED]> > > Sent: Friday, July 18, 2003 10:08 AM > > Subject: Re: ASP Pages > > > > > > > Hi, > > > > > > Use "Script Encoder " > > > > > > You can find detailed info at > > > > > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/ht > > > ml/SeconScriptEncoderOverview.asp > > > > > > > > > > > > > > > ----- Original Message ----- > > > From: "Benjamin Meade" <[EMAIL PROTECTED]> > > > To: "'Security-Basics'" <[EMAIL PROTECTED]> > > > Sent: Monday, June 16, 2003 9:51 AM > > > Subject: ASP Pages > > > > > > > > > > > > > > Hi all, > > > > > > > > We are currently developing a project management system in ASP, and I > am > > > > a little concerned about code stealing. Given that the asp pages are > > > > visible to everyone, how difficult is it for someone to download the > > > > actual asp code? (As opposed to the html that the page generates). > > > > > > > > Also, there is the option for installing the site on a clients server. > > > > Is there any way to encrypt this so that the server can read it, but > the > > > > clients cannot? > > > > > > > > Thanks, > > > > > > > > Benjamin Meade > > > > System Administrator > > > > LanWest Pty Ltd > > > > Ph: (08) 9440 3033 > > > > Fax: (08) 9440 3370 > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------- > > > - > > > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top > > analysts! > > > > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > > > > while InStat has confirmed Neoteris as the leader in marketshare. > > > > > > > > Find out why, and see how you can get plug-n-play secure remote access > > in > > > > about an hour, with no client, server changes, or ongoing maintenance. > > > > > > > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > > > > > > > -------------------------------------------------------------------------- > > > -- > > > > > > > > > > > > > > -------------------------------------------------------------------------- > > - > > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top > analysts! > > > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > > > while InStat has confirmed Neoteris as the leader in marketshare. > > > > > > Find out why, and see how you can get plug-n-play secure remote access > in > > > about an hour, with no client, server changes, or ongoing maintenance. > > > > > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > > > > -------------------------------------------------------------------------- > > -- > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------- > - > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > > while InStat has confirmed Neoteris as the leader in marketshare. > > > > Find out why, and see how you can get plug-n-play secure remote access in > > about an hour, with no client, server changes, or ongoing maintenance. > > > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > > -------------------------------------------------------------------------- > -- > > > > > --------------------------------------------------------------------------- > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > ---------------------------------------------------------------------------- > -- ______________________________________________ http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yr Powered by Outblaze --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
