Note: Not just code, but the filestructure it exists in anhd accesses. I recommend caution.
Jim wong chuin hun wrote: > > Hi, > if u afraid of people stealing your code,what u can do is compile all ur code into a > dll. Then register the dll into your server registry. > > And done ...all ur code are save. > > ----- Original Message ----- > From: "Tim Greer" <[EMAIL PROTECTED]> > Date: Fri, 18 Jul 2003 10:00:46 -0700 > To: "skate" <[EMAIL PROTECTED]>, "Eralper YILMAZ" <[EMAIL PROTECTED]>, <[EMAIL > PROTECTED]>, "''Security-Basics''" <[EMAIL PROTECTED]> > Subject: Re: ASP Pages > > > Correct, that barring any technical/configuration reasons that would show > > the ASP code in it's text form would not be possible, there are several > > methods which are, such as a user on the same system opening and printing > > another user's ASP file's contents, or another ASP, or PHP or CGI, etc. > > script on the server that is intentionally allowing people to open and print > > file contents (which is often not intentional, though it exists). So, some > > things can help, but anything interpreted will still allow someone to obtain > > the source code anyway, if they can manage to get that far. This is why > > compiling is the best way to protect source code--and I don't know of a way > > (personally) to do this in ASP. Note: Don't confuse compiling with > > encrypting or obfuscating. > > -- > > Regards, > > Tim Greer [EMAIL PROTECTED] > > Server administration, security, programming, consulting. > > > > > > ----- Original Message ----- > > From: "skate" <[EMAIL PROTECTED]> > > To: "Eralper YILMAZ" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; > > "'Security-Basics'" <[EMAIL PROTECTED]> > > Sent: Friday, July 18, 2003 9:01 AM > > Subject: Re: ASP Pages > > > > > > > no-one can read your asp code without having ftp (or similar) access to > > the > > > directory, the web server will run anything that it determines is asp, and > > > only transmit the output. this is the core of server side scripting. > > > > > > as an extra, double security, you should put most of the core functions > > into > > > includes, and have them stored outside the web root. occasionally, the web > > > server may have problems and transmit things before running them. i've > > seen > > > this happen in php anyway when the server is in the process of being > > > updated... > > > > > > ----- Original Message ----- > > > From: "Eralper YILMAZ" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]>; "'Security-Basics'" > > > <[EMAIL PROTECTED]> > > > Sent: Friday, July 18, 2003 10:08 AM > > > Subject: Re: ASP Pages > > > > > > > > > > Hi, > > > > > > > > Use "Script Encoder " > > > > > > > > You can find detailed info at > > > > > > > > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/ht > > > > ml/SeconScriptEncoderOverview.asp > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Benjamin Meade" <[EMAIL PROTECTED]> > > > > To: "'Security-Basics'" <[EMAIL PROTECTED]> > > > > Sent: Monday, June 16, 2003 9:51 AM > > > > Subject: ASP Pages > > > > > > > > > > > > > > > > > > Hi all, > > > > > > > > > > We are currently developing a project management system in ASP, and I > > am > > > > > a little concerned about code stealing. Given that the asp pages are > > > > > visible to everyone, how difficult is it for someone to download the > > > > > actual asp code? (As opposed to the html that the page generates). > > > > > > > > > > Also, there is the option for installing the site on a clients server. > > > > > Is there any way to encrypt this so that the server can read it, but > > the > > > > > clients cannot? > > > > > > > > > > Thanks, > > > > > > > > > > Benjamin Meade > > > > > System Administrator > > > > > LanWest Pty Ltd > > > > > Ph: (08) 9440 3033 > > > > > Fax: (08) 9440 3370 > > > > > > > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------- > > > > - > > > > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top > > > analysts! > > > > > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > > > > > while InStat has confirmed Neoteris as the leader in marketshare. > > > > > > > > > > Find out why, and see how you can get plug-n-play secure remote access > > > in > > > > > about an hour, with no client, server changes, or ongoing maintenance. > > > > > > > > > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > > > > > > > > > > -------------------------------------------------------------------------- > > > > -- > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------- > > > - > > > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top > > analysts! > > > > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > > > > while InStat has confirmed Neoteris as the leader in marketshare. > > > > > > > > Find out why, and see how you can get plug-n-play secure remote access > > in > > > > about an hour, with no client, server changes, or ongoing maintenance. > > > > > > > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > > > > > > -------------------------------------------------------------------------- > > > -- > > > > > > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------- > > - > > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > > > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > > > while InStat has confirmed Neoteris as the leader in marketshare. > > > > > > Find out why, and see how you can get plug-n-play secure remote access in > > > about an hour, with no client, server changes, or ongoing maintenance. > > > > > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > > > -------------------------------------------------------------------------- > > -- > > > > > > > > > --------------------------------------------------------------------------- > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > > while InStat has confirmed Neoteris as the leader in marketshare. > > > > Find out why, and see how you can get plug-n-play secure remote access in > > about an hour, with no client, server changes, or ongoing maintenance. > > > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > > ---------------------------------------------------------------------------- > > > > -- > ______________________________________________ > http://www.linuxmail.org/ > Now with e-mail forwarding for only US$5.95/yr > > Powered by Outblaze > > --------------------------------------------------------------------------- > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > ---------------------------------------------------------------------------- -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
