I think that if the security of the code in your script is of such
importance, then perhaps it's time to move over to VBa from VBs and create a
DLL component; once rendered, this is impossible to decipher. Of course you
will need to convert the majority of your code from VBs into VBa, use and
know how to programme in VBa and how to use Visual Basic to debug and
compile your DLL component. Once compiled, all that is needed in the client
ASP scripts is a call to the component function (of course the DLL will need
to be registered on the system first though).

Also, in addition to that you could enforce a high-bit password for FTP and
perhaps remove your Plain Text FTP server (such as IIS's FTP server) and
move to a more secure SecureFTP based FTP tool. Perhaps even remove FTP
altogether and create a secure VPN IPSec tunnel? I presume that you have a
dedicated box for hosting this site?

Kind Regards,

Richard Parry
ZOOL Networks ( www.zoolnet.co.uk <http://www.zoolnet.co.uk/> )
Managed, Dedicated & Shared Hosting Solutions
Telephone: +44(0)1543 301003
Fax: +44(0)1543 416668
Mobile (Emergency): +44(0)7967 959740


-----Original Message-----
From: Meritt James [mailto:[EMAIL PROTECTED]
Sent: 18 July 2003 5:49 PM
To: skate
Cc: Eralper YILMAZ; [EMAIL PROTECTED]; 'Security-Basics'
Subject: Re: ASP Pages


That is not necessarily always the case.  Do not maintain a sense of
security based around it being so.

Jim

skate wrote:
>
> no-one can read your asp code without having ftp (or similar) access to the
> directory, the web server will run anything that it determines is asp, and
> only transmit the output. this is the core of server side scripting.
>
> as an extra, double security, you should put most of the core functions into
> includes, and have them stored outside the web root. occasionally, the web
> server may have problems and transmit things before running them. i've seen
> this happen in php anyway when the server is in the process of being
> updated...
>
> ----- Original Message -----
> From: "Eralper YILMAZ" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; "'Security-Basics'"
> <[EMAIL PROTECTED]>
> Sent: Friday, July 18, 2003 10:08 AM
> Subject: Re: ASP Pages
>
> > Hi,
> >
> > Use "Script Encoder "
> >
> > You can find detailed info at
> >
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/SeconScriptEncoderOverview.asp
> >
> >
> >
> >
> > ----- Original Message -----
> > From: "Benjamin Meade" <[EMAIL PROTECTED]>
> > To: "'Security-Basics'" <[EMAIL PROTECTED]>
> > Sent: Monday, June 16, 2003 9:51 AM
> > Subject: ASP Pages
> >
> >
> > >
> > > Hi all,
> > >
> > > We are currently developing a project management system in ASP, and I am
> > > a little concerned about code stealing. Given that the asp pages are
> > > visible to everyone, how difficult is it for someone to download the
> > > actual asp code? (As opposed to the html that the page generates).
> > >
> > > Also, there is the option for installing the site on a clients server.
> > > Is there any way to encrypt this so that the server can read it, but the
> > > clients cannot?
> > >
> > > Thanks,
> > >
> > > Benjamin Meade
> > > System Administrator
> > > LanWest Pty Ltd
> > > Ph:  (08) 9440 3033
> > > Fax: (08) 9440 3370
> > >
> > >
> > >
> > > ---------------------------------------------------------------------------
> > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> > > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> > > while InStat has confirmed Neoteris as the leader in marketshare.
> > >
> > > Find out why, and see how you can get plug-n-play secure remote access in
> > > about an hour, with no client, server changes, or ongoing maintenance.
> > >
> > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> > > ----------------------------------------------------------------------------

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
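
The thread's advice to keep include files outside the web root can be checked mechanically. The following is an added example, not code from any poster in this thread: it walks a web root, resolves each classic ASP `#include` directive, and reports whether the included file lives outside the web root, inside it with a script extension, or inside it with an extension that is assumed to be sent as plain text. Assumptions: only `.asp` is mapped to the script engine, no virtual directory maps paths outside the root, and the sample site is constructed.

```python
import os
import re
import tempfile

# Classic ASP server-side include: file= is relative to the including page,
# virtual= is relative to the site root.
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.IGNORECASE)
SCRIPT_EXTS = {".asp"}  # assumption: only .asp is mapped to the script engine

def classify(web_root, page_path, kind, target):
    """Resolve one include and report how exposed the included file is."""
    root = os.path.realpath(web_root)
    target = target.replace("\\", "/")
    if kind.lower() == "virtual":
        resolved = os.path.join(root, target.lstrip("/"))
    else:
        resolved = os.path.join(os.path.dirname(page_path), target)
    resolved = os.path.realpath(resolved)
    if not resolved.startswith(root + os.sep):
        return "outside-webroot"  # no URL maps to it (assumed: no virtual dirs)
    ext = os.path.splitext(resolved)[1].lower()
    # Inside the root: a non-script extension is assumed to be served as text.
    return "inside-executed" if ext in SCRIPT_EXTS else "inside-served-as-text"

def audit_includes(web_root):
    """Return sorted (page, include target, verdict) for every .asp page."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if not name.lower().endswith(".asp"):
                continue
            page = os.path.join(dirpath, name)
            with open(page, encoding="latin-1") as fh:
                text = fh.read()
            for kind, target in INCLUDE_RE.findall(text):
                findings.append((os.path.relpath(page, web_root), target,
                                 classify(web_root, page, kind, target)))
    return sorted(findings)

def demo():
    """Audit a constructed one-page sample site built in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "wwwroot")
        os.makedirs(root)
        with open(os.path.join(root, "default.asp"), "w") as fh:
            fh.write('<!-- #include file="inc/db.inc" -->\n'
                     '<!-- #include file="../private/core.asp" -->\n'
                     '<!-- #include virtual="/lib/util.asp" -->\n')
        return audit_includes(root)
```

Run `audit_includes()` against a copy of the site; every `inside-served-as-text` row is an include to move outside the web root or rename to a script-mapped extension.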
