OTECTED]>
Sent: Monday, July 21, 2003 10:31 AM
Subject: RE: ASP Pages
> There is another way to encode your ASP scripts..
> Microsoft Gives a Script Encoder :
>
>
http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-
> B1B0-21F0626A6329&displaylan
nnot view or modify your source.
Its pretty Neat...Do check it out..
-Original Message-
From: wong chuin hun [mailto:[EMAIL PROTECTED]
Sent: Saturday, July 19, 2003 7:50 AM
To: Tim Greer; skate; Eralper YILMAZ; [EMAIL PROTECTED];
'Security-Basics'
Subject: Re: ASP Pages
Hi,
if u af
And done ...all ur code are save.
>
> - Original Message -
> From: "Tim Greer" <[EMAIL PROTECTED]>
> Date: Fri, 18 Jul 2003 10:00:46 -0700
> To: "skate" <[EMAIL PROTECTED]>, "Eralper YILMAZ" <[EMAIL PROTECTED]>, <[EMAI
ot;Tim Greer" <[EMAIL PROTECTED]>; "skate" <[EMAIL PROTECTED]>;
"Eralper YILMAZ" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
"'Security-Basics'" <[EMAIL PROTECTED]>
Sent: Friday, July 18, 2003 7:20 PM
Subject: Re: ASP Pages
-0700
To: "skate" <[EMAIL PROTECTED]>, "Eralper YILMAZ" <[EMAIL PROTECTED]>, <[EMAIL
PROTECTED]>, "''Security-Basics''" <[EMAIL PROTECTED]>
Subject: Re: ASP Pages
> Correct, that barring any technical/configuration reas
EMAIL PROTECTED]
Sent: 18 July 2003 5:49 PM
To: skate
Cc: Eralper YILMAZ; [EMAIL PROTECTED]; 'Security-Basics'
Subject: Re: ASP Pages
That is not necessarily always the case. Do not maintain a sense of
security based around it being so.
Jim
skate wrote:
>
> no-one can read your
g them. i've seen
> this happen in php anyway when the server is in the process of being
> updated...
>
> - Original Message -
> From: "Eralper YILMAZ" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "'Security-Basics'"
> &
on, security, programming, consulting.
- Original Message -
From: "skate" <[EMAIL PROTECTED]>
To: "Tim Greer" <[EMAIL PROTECTED]>; "Eralper YILMAZ"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "'Security-Basics'"
<
;
To: "skate" <[EMAIL PROTECTED]>; "Eralper YILMAZ" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; "'Security-Basics'"
<[EMAIL PROTECTED]>
Sent: Friday, July 18, 2003 6:00 PM
Subject: Re: ASP Pages
> Correct, that barring any techn
- Original Message -
From: "skate" <[EMAIL PROTECTED]>
To: "Eralper YILMAZ" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
"'Security-Basics'" <[EMAIL PROTECTED]>
Sent: Friday, July 18, 2003 9:01 AM
Subject: Re: ASP Pages
> no-o
Z" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "'Security-Basics'"
<[EMAIL PROTECTED]>
Sent: Friday, July 18, 2003 10:08 AM
Subject: Re: ASP Pages
> Hi,
>
> Use "Script Encoder "
>
> You can find detailed info at
>
Hi,
Use "Script Encoder "
You can find detailed info at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/ht
ml/SeconScriptEncoderOverview.asp
- Original Message -
From: "Benjamin Meade" <[EMAIL PROTECTED]>
To: "'Security-Basics'" <[EMAIL PROTECTED]>
Sent: Mond
Ben,
Make sure that the server that your code is running on is configured
properly. Also make sure that the network is secure and that you have a
good security solution in place. If you want some help with identifying
whats right for you, feel free to ask. If your source is important and
If you edit your ASP code directly on the server, make sure your editor
doesn't save a .bak file or clean them up afterwords. If you don't anyone
can download those backup files.
Bill
---
Evaluating SSL VPNs' Consider NEOT
> We are currently developing a project management system in ASP, and I am
> a little concerned about code stealing. Given that the asp pages are
> visible to everyone, how difficult is it for someone to download the
> actual asp code? (As opposed to the html that the page generates).
Your ASP cod
Ben,
As others have stated, if the server is configured properly, ASP code will not be
presented to the user through normal browsing means.
If you are worried about your clients "stealing" your ASP code that is loaded on their
server, google on "ASP obfuscate". I think Microsoft has a tool tha
If the client sees the code, then so can the user.
I say wget and netcat or even telnet and rest my case.
/Andy
On Mon, 16 Jun 2003, Fred Dirkse - OIC Group, Inc. wrote:
> Ben -
> Unless your webserver is configured improperly, it will not return the asp
> code to the client browser. When a .
There is a way (I believe its good for both NetScrape and Internet
Exploder) to lock down view access to the source code of the site. I
can't remember how to do it, but I believe its either an HTML tag, or
it's a setting within IIS. If I find it I will pass it through,
otherwise do a search on disa
, Inc." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "'Security-Basics'"
<[EMAIL PROTECTED]>
Sent: Monday, June 16, 2003 8:23 PM
Subject: RE: ASP Pages
> Ben -
> Unless your webserver is configured improperly, it will not return the asp
> code to th
Server side code is all parsed out before getting sent to the client as long
as it has a .asp extension.
Ernest Nelson - GSEC, MCP
- Original Message -
From: "Benjamin Meade" <[EMAIL PROTECTED]>
To: "'Security-Basics'" <[EMAIL PROTECTED]>
Sent: Sunday, June 15, 2003 11:51 PM
Subject: ASP
-Original Message-
From: Benjamin Meade [mailto:[EMAIL PROTECTED]
Sent: 16 June 2003 07:51
To: 'Security-Basics'
Subject: **Mailing-list ms-secnews (Security focus): ASP Pages
--Forwarded by SpamMotel--
--
--from "
ASP pages are processed by the server and the client only sees HTML that
the server outputs, so they won't be able to see what you are doing behind
the scenes, as far as I know.
At 02:51 PM 6/16/2003 +0800, you wrote:
>
>Hi all,
>
>We are currently developing a project management system in ASP,
Ben -
Unless your webserver is configured improperly, it will not return the asp
code to the client browser. When a .asp page is requested, the webserver
first sends that page to the .asp parser which runs the code and produces
the html content. If your server is setup to NOT process the .asp pag
23 matches
Mail list logo