Let me bring it down a notch as I am normally so ingrained in architecture
that I am flying way above the clouds.
The suggestion is to refactor, which is pull the code into VB COM
components. To do this, you have to create methods for your code. For
example, let's say you have the following code in your ASP.
connString = "{connectio n string for database here}"
sqlString = "SELECT * FROM SecretAuthorsTa ble"
Set objConn = New ADODB.Connectio n(connString)
Set objCmd == New ADODB.Command(s qlString, conn)
Set objRS = cmd.Execute()
'Work with RS here
To hide the database code, you would do the following:
1. Move the code to a function in a VB COM component by creating an ActiveX
DLL. Let's say we make DataLayer.dll with a class file called SecretData.
The function in the class would look something like so
Public Function GetSecretAuthor Data() As ADODB.Recordset
Dim connString As String
Dim sqlString As String
Dim objConn As ADODB.Connectio n
Dim objCmd As ADODB.Command
Dim objRS As ADODB.Recordset
connString = "{connectio n string for database here}"
sqlString = "SELECT * FROM SecretAuthorsTa ble"
Set objConn = New ADODB.Connectio n(connString)
Set objCmd == New ADODB.Command(s qlString, conn)
Set objRS = cmd.Execute()
GetSecretAuthor Data = objRS
End Function
2. Call the object from ASP
Set objSD = New DataLayer.Secre tData()
Set objRS = objSD.GetSecret AuthorData()
NOTE: Not an optimal example, but the idea is sound. Now, a hacker for your
ASP app only learns about an object rather than actually getting the
connection string information and a sql query to start mining with.
NOTE: You can protect the implementation even more by hiding the connection
string in the registry, but that is a more complex bit of work. Or by
encrypting the strings, et al.
I will check and see if I can find a good URL. The MS Book Designing for
Scalability Using Microsoft Windows DNA is great for understanding
distributed applications using ASP and VB COM. You can pick up up extremely
cheap these days (75 cents US)
Designing for Scalability with Microsoft Windows DNA
by Per Sundblad, Sten Sundblad
Paperback: 450 pages ; Dimensions (in inches): 1.28 x 9.19 x 7.37
Publisher: Microsoft Press; 1 edition (March 15, 2000)
ASIN: 0735609683
http://www.amazon.com/exec/obidos/tg...glance&s=books
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
*************** *************** *************** ***
Think Outside the Box!
*************** *************** *************** ***
"Les Juby" <we****@webpro. co.za> wrote in message
news:40******** ******@news.uun et.co.za...
Uuuuh, this sounds good, but I'm completely unfamiliar with what you
are proposing. But it sounds the way to go.
Would the "rest of the code" you refer to be the original pages as
they are at present.?
Is there any reference you could please refer me to that might have
simple step-by-step instructions on what is needed here.?
Thanks, all, for the help....
(Hey, aren't we polite down here in Africa!)
.les.
On Thu, 15 Jul 2004 08:02:42 -0500, "Cowboy \(Gregory A. Beamer\)
[MVP]" <No************ @comcast.netNoS pamM> wrote:
There are obfuscation tools out there that you can purchase. Another
optionis to simply refactor code so ASP contains UI elements only and the rest
ofthe code is in VB COM component (ActiveX DLLs). The only code that shows
upis something like:
<%
Response.Write (vbObject.GetSe cretStuff())
%>
A very serious hacker might still decompile the VB, but it would be a
concerted effort, as there are no decompilers for the more modern VB
implementation s.
o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
Les Juby le*****@anti-spam.iafrica.co m
Webpro Internet - - - Prosoft Microsystems
Durban, KwaZulu-Natal, South Africa
P.O.Box 35243, Northway 4065, South Africa
Tel: +27 31 563-8344 Fax: +27 31 564-4928
o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
(you *do* know to take "anti-spam" out the address....?
