Dear all,
I've got a security question that is so difficult that "maybe" there will be
no answer for it. It's regarding protecting asp code.
I did write some asp code, that I sell to companies, to control several
dbases. Because I sell the code, it's not that they own the code and can
sell it further or change the code, or add some extra code to it. It's like
I'm selling a program like Excel and that they can use the program, not
change it. I'm still the rightful and intellectual owner.
Also, if you give the raw asp-code, then there is a possibility that they
change to code a bit for there internal usage only. But if I sell an update,
then they have to search and copy/past there old code in the new page, not
knowing, that everything will work eventually.
It would be a lot nicer and easer if I can deliver some protected code that
they can't change! This will make my live a lot easer regarding updates. And
I will sleep better because they can't see the raw asp code,
copy/past/change and sell it or worse, going to competitors.
It would mean a lot for me, if you could help me to protect my code against
this all. Give me some inside views, some snip of your thoughts or some
general ideas to debate.
The thinks I did find and won't help to protect this all is :
a) NT security (server is from the customers)
b) Host the IIS server by myself (cannot be done, customers
request there own servers)
c) AspCodeLock, drawback in executing?
d) Windows Script Encode, this can be broken.
Using dll's would be nice and could be a solution, but then
a) I've to buy "Visual-Basic" or something else to do this.
A question that is running in my mind is : Is "visual-Basic"
the good/perfect programming language to do this? Some people
did always say that C++ is mutch better in performance and
is thread save. I can write Delphi also, is this a way to go?
But how?
b) Then I have to put all my pages in DLL form. (login.asp ->
will be : login.dll) or do I have to protect only portions of
my asp pages, but still then, they could change or implement
some extra code in the pages and that is not what I'm searching
for.
c) will this dll solution be steady enough against asp code. I
know from asp-code (I'm writing in UltraEdit, so I have a low
cost regarding buying all the software I need for my work. This
is important for me!) that I can write heavy used pages with no
problems at all. What with dll-pages? What with MTS?
d) Asp gives you the fast solution in debugging, because there is
no compilation involved so you can directly write/change your
code without compiling, installing and register your code. Is
this not a drawback in a dll solution, or is there a good
debugging environment for dll coding for iis?
The best solution for me is : some sort of opensource script language that
you can use like asp, but with some build in
function like
a) Create iis readable script
b) Create iis dll script
So when a webpage is done, you could create a filename.dll file and put this
on the webserver without losing any functionality from the previous readable
script like filename.asp. Better would be, that the file extension would
stay filename.asp for the dll version, this to protect my inline hyperlinks.
Thnx for helping me
Best regards,
J.
5  1889 
Gazing into my crystal ball I observed "John" <jo*********@unison.ie>
writing in news:41***********************@news.skynet.be: Dear all,
I've got a security question that is so difficult that "maybe" there
will be no answer for it. It's regarding protecting asp code.
My feelings are these:
1. You should have a license agreement with the customer that clearly
states that they are not to change the code.
2. Put something on the top of each page you do, eg: 'This is licensed
software and may not be edited without violating the software license' or
something to that effect.
3. You should have some sort of access to the server where the code is
running. From that you can find out if they did make changes to the code,
and then you can act accordingly. You should also have this so you can
backup/install pages yourself.
4. If they really want to break the code, or they really want to roll their
own, they will.
My suggestion to you is to give them as many admin pages as you can. If
they can make updates in their browser, they're not going to worry about
changing code here and there.
--
Adrienne Boswell
Please respond to the Group so others can share
You may also try Microsoft's "Script Encoder" to encrypt your asp source
code. It's free.
"John" wrote: Dear all,
I've got a security question that is so difficult that "maybe" there will be
no answer for it. It's regarding protecting asp code.
I did write some asp code, that I sell to companies, to control several
dbases. Because I sell the code, it's not that they own the code and can
sell it further or change the code, or add some extra code to it. It's like
I'm selling a program like Excel and that they can use the program, not
change it. I'm still the rightful and intellectual owner.
Also, if you give the raw asp-code, then there is a possibility that they
change to code a bit for there internal usage only. But if I sell an update,
then they have to search and copy/past there old code in the new page, not
knowing, that everything will work eventually.
It would be a lot nicer and easer if I can deliver some protected code that
they can't change! This will make my live a lot easer regarding updates. And
I will sleep better because they can't see the raw asp code,
copy/past/change and sell it or worse, going to competitors.
It would mean a lot for me, if you could help me to protect my code against
this all. Give me some inside views, some snip of your thoughts or some
general ideas to debate.
The thinks I did find and won't help to protect this all is :
a) NT security (server is from the customers)
b) Host the IIS server by myself (cannot be done, customers
request there own servers)
c) AspCodeLock, drawback in executing?
d) Windows Script Encode, this can be broken.
Using dll's would be nice and could be a solution, but then
a) I've to buy "Visual-Basic" or something else to do this.
A question that is running in my mind is : Is "visual-Basic"
the good/perfect programming language to do this? Some people
did always say that C++ is mutch better in performance and
is thread save. I can write Delphi also, is this a way to go?
But how?
b) Then I have to put all my pages in DLL form. (login.asp ->
will be : login.dll) or do I have to protect only portions of
my asp pages, but still then, they could change or implement
some extra code in the pages and that is not what I'm searching
for.
c) will this dll solution be steady enough against asp code. I
know from asp-code (I'm writing in UltraEdit, so I have a low
cost regarding buying all the software I need for my work. This
is important for me!) that I can write heavy used pages with no
problems at all. What with dll-pages? What with MTS?
d) Asp gives you the fast solution in debugging, because there is
no compilation involved so you can directly write/change your
code without compiling, installing and register your code. Is
this not a drawback in a dll solution, or is there a good
debugging environment for dll coding for iis?
The best solution for me is : some sort of opensource script language that
you can use like asp, but with some build in
function like
a) Create iis readable script
b) Create iis dll script
So when a webpage is done, you could create a filename.dll file and put this
on the webserver without losing any functionality from the previous readable
script like filename.asp. Better would be, that the file extension would
stay filename.asp for the dll version, this to protect my inline hyperlinks.
Thnx for helping me
Best regards,
J.
If this is really a concern then you need to be developing in another
language. Assuming you want to continue using ASP, I would take the
low-tech approach. Why go though a bunch of code that can likely be hacked
anyway. Find a contract lawyer, draw up a software license agreement and
have you clients sign it. Problem solved.
"John" <jo*********@unison.ie> wrote in message
news:41***********************@news.skynet.be... Dear all,
I've got a security question that is so difficult that "maybe" there will
be no answer for it. It's regarding protecting asp code.
I did write some asp code, that I sell to companies, to control several
dbases. Because I sell the code, it's not that they own the code and can
sell it further or change the code, or add some extra code to it. It's
like I'm selling a program like Excel and that they can use the program, not
change it. I'm still the rightful and intellectual owner.
Also, if you give the raw asp-code, then there is a possibility that they
change to code a bit for there internal usage only. But if I sell an
update, then they have to search and copy/past there old code in the new page, not
knowing, that everything will work eventually.
It would be a lot nicer and easer if I can deliver some protected code
that they can't change! This will make my live a lot easer regarding updates.
And I will sleep better because they can't see the raw asp code,
copy/past/change and sell it or worse, going to competitors.
It would mean a lot for me, if you could help me to protect my code
against this all. Give me some inside views, some snip of your thoughts or some
general ideas to debate.
The thinks I did find and won't help to protect this all is :
a) NT security (server is from the customers)
b) Host the IIS server by myself (cannot be done, customers
request there own servers)
c) AspCodeLock, drawback in executing?
d) Windows Script Encode, this can be broken.
Using dll's would be nice and could be a solution, but then
a) I've to buy "Visual-Basic" or something else to do this.
A question that is running in my mind is : Is "visual-Basic"
the good/perfect programming language to do this? Some people
did always say that C++ is mutch better in performance and
is thread save. I can write Delphi also, is this a way to go?
But how?
b) Then I have to put all my pages in DLL form. (login.asp ->
will be : login.dll) or do I have to protect only portions of
my asp pages, but still then, they could change or implement
some extra code in the pages and that is not what I'm searching
for.
c) will this dll solution be steady enough against asp code. I
know from asp-code (I'm writing in UltraEdit, so I have a low
cost regarding buying all the software I need for my work. This
is important for me!) that I can write heavy used pages with no
problems at all. What with dll-pages? What with MTS?
d) Asp gives you the fast solution in debugging, because there is
no compilation involved so you can directly write/change your
code without compiling, installing and register your code. Is
this not a drawback in a dll solution, or is there a good
debugging environment for dll coding for iis?
The best solution for me is : some sort of opensource script language that
you can use like asp, but with some build in
function like
a) Create iis readable script
b) Create iis dll script
So when a webpage is done, you could create a filename.dll file and put
this on the webserver without losing any functionality from the previous
readable script like filename.asp. Better would be, that the file extension would
stay filename.asp for the dll version, this to protect my inline
hyperlinks.
Thnx for helping me
Best regards,
J.
>I did write some asp code, that I sell to companies, to control several dbases. Because I sell the code, it's not that they own the code and can
sell it further or change the code, or add some extra code to it. It's like
I'm selling a program like Excel and that they can use the program, not
change it. I'm still the rightful and intellectual owner.
Make sure your license agreement states that.
It would be a lot nicer and easer if I can deliver some protected code that
they can't change! This will make my live a lot easer regarding updates. And
I will sleep better because they can't see the raw asp code,
copy/past/change and sell it or worse, going to competitors.
It's called a DLL. Put at least some of your logic, maybe
authentication code, into a DLL and it's tough to reverse engineer.
Using dll's would be nice and could be a solution, but then
a) I've to buy "Visual-Basic" or something else to do this.
A question that is running in my mind is : Is "visual-Basic"
the good/perfect programming language to do this? Some people
did always say that C++ is mutch better in performance and
is thread save. I can write Delphi also, is this a way to go?
But how?
Bummer. Haviung to buy developer tools to be able to develop and sell
a product. That's shameful. As bad as having to buy a pizza oven and
a delivery car to run a pizza shop.
b) Then I have to put all my pages in DLL form. (login.asp ->
will be : login.dll) or do I have to protect only portions of
my asp pages, but still then, they could change or implement
some extra code in the pages and that is not what I'm searching
for.
If you want them to change *nothing* then you have to use an
environment that isn't designed for simplicity in changing code.
c) will this dll solution be steady enough against asp code. I
know from asp-code (I'm writing in UltraEdit, so I have a low
cost regarding buying all the software I need for my work. This
is important for me!) that I can write heavy used pages with no
problems at all. What with dll-pages? What with MTS?
d) Asp gives you the fast solution in debugging, because there is
no compilation involved so you can directly write/change your
code without compiling, installing and register your code. Is
this not a drawback in a dll solution, or is there a good
debugging environment for dll coding for iis?
The best solution for me is : some sort of opensource script language that
you can use like asp, but with some build in
function like
a) Create iis readable script
b) Create iis dll script
So when a webpage is done, you could create a filename.dll file and put this
on the webserver without losing any functionality from the previous readable
script like filename.asp. Better would be, that the file extension would
stay filename.asp for the dll version, this to protect my inline hyperlinks.
So write this type of environment yourself.
There are advantages and drawbacks to every programming choice. Match
the techniques to your needs.
Jeff
It's also ridiculously easy to defeat. Just Google for Script Decoder to see
how easy it is
Bob Barrows
Rob wrote: You may also try Microsoft's "Script Encoder" to encrypt your asp
source code. It's free.
"John" wrote:
Dear all,
I've got a security question that is so difficult that "maybe" there
will be no answer for it. It's regarding protecting asp code.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Yang Li Ke |
last post by:
Hi guys!
Anyone know a way so that users purchasing
my scripts would not be able to share them
with other people ?
Yang
|
by: Alan Sheehan |
last post by:
Hi pythonistas,
I am looking for methods of deploying applications with end users so
that the python code is tamper proof. What are my options ?
I understand I can supply .pyc or .pyo files...
|
by: nell |
last post by:
Hi all,
I've developed a testing application in python, and should supply it in
a way that no one (lets say they are regular users) will understand it
and edit it.
The application source is all...
|
by: Roland Hall |
last post by:
I read Aaron's article: http://www.aspfaq.com/show.asp?id=2276 re:
protecting images from linked to by other sites. There is a link at the
bottom of that page that references an interesting...
|
by: Shawn |
last post by:
Hi.
I have a folder that contains a lot of different documents. xls, .doc, .pdf
etc. Different users have access to different documents. The problem is
that if a user knows the name of a...
| | |
by: Dr. Edmund M. Hayes |
last post by:
I wrote a access program that works well enough that a handful of
people would like to buy it from me.
My problem is that if I sell it to someone there is no mechanism that
I know of to protect...
|
by: flit |
last post by:
Hello All,
I have a hard question, every time I look for this answer its get out
from the technical domain and goes on in the moral/social domain.
First, I live in third world with bad gov., bad...
|
by: xamman |
last post by:
hi there! according to msdn (link at bottom) i should be able to
protect a whole class declaratively as above. However i keep getting
'request for principal permissions failed' exceptions.
in...
|
by: rogerjames1 |
last post by:
How would I go about protecting a whole directory, e.g.
http://www.example.com/members/ and all sub-directories with login
protection? I wouldn't like to put a .php script in each directory and...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
