473,390 Members | 1,073 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,390 software developers and data experts.

Hiding ASP source code

I have a customer with an extensive intranet which contains a lot of
sensitive company data. The client is concerned that any employee
could download source code back to removable storage and thereby steal
the data.

Printing is considered publicly risky and other capture methods of
visble screens would be too clumsy and outside the capability of most.

So we have been asked to make the source "invisible" or at least
extremely difficult to reveal.

Any suggestions please...?

TIA

.les.
o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
Les Juby le*****@anti-spam.iafrica.com
Webpro Internet - - - Prosoft Microsystems
Durban, KwaZulu-Natal, South Africa
P.O.Box 35243, Northway 4065, South Africa
Tel: +27 31 563-8344 Fax: +27 31 564-4928
o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
(you *do* know to take "anti-spam" out the address....?
Jul 19 '05 #1
7 2675
There are obfuscation tools out there that you can purchase. Another option
is to simply refactor code so ASP contains UI elements only and the rest of
the code is in VB COM component (ActiveX DLLs). The only code that shows up
is something like:

<%
Response.Write(vbObject.GetSecretStuff())
%>

A very serious hacker might still decompile the VB, but it would be a
concerted effort, as there are no decompilers for the more modern VB
implementations.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
"Les Juby" <we****@webpro.co.za> wrote in message
news:40**************@news.uunet.co.za...
I have a customer with an extensive intranet which contains a lot of
sensitive company data. The client is concerned that any employee
could download source code back to removable storage and thereby steal
the data.

Printing is considered publicly risky and other capture methods of
visble screens would be too clumsy and outside the capability of most.

So we have been asked to make the source "invisible" or at least
extremely difficult to reveal.

Any suggestions please...?

TIA

.les.
o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
Les Juby le*****@anti-spam.iafrica.com
Webpro Internet - - - Prosoft Microsystems
Durban, KwaZulu-Natal, South Africa
P.O.Box 35243, Northway 4065, South Africa
Tel: +27 31 563-8344 Fax: +27 31 564-4928
o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
(you *do* know to take "anti-spam" out the address....?

Jul 19 '05 #2
"Les Juby" <we****@webpro.co.za> wrote in message
news:40**************@news.uunet.co.za...
I have a customer with an extensive intranet which contains a lot of
sensitive company data. The client is concerned that any employee
could download source code back to removable storage and thereby steal
the data.

Printing is considered publicly risky and other capture methods of
visble screens would be too clumsy and outside the capability of most.

So we have been asked to make the source "invisible" or at least
extremely difficult to reveal.

Any suggestions please...?


In addition to what Greg said, proper NTFS permissions on the ASP files will
also protect the source code.

--
Tom Kaminski IIS MVP
http://www.microsoft.com/windowsserv...y/centers/iis/
http://mvp.support.microsoft.com/
http://www.iisfaq.com/
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://www.tryiis.com
Jul 19 '05 #3
On Thu, 15 Jul 2004 06:08:42 GMT, we****@webpro.co.za (Les Juby)
wrote:
I have a customer with an extensive intranet which contains a lot of
sensitive company data. The client is concerned that any employee
could download source code back to removable storage and thereby steal
the data.

Printing is considered publicly risky and other capture methods of
visble screens would be too clumsy and outside the capability of most.

So we have been asked to make the source "invisible" or at least
extremely difficult to reveal.

Any suggestions please...?


I'd be surprised if the actual ASP source had any sensitive data, more
likely it's material the ASP is grabbing from somewhere, so hiding the
source may not actually result in your goals.

That said, ASP source isn't "downloadable" if you have a properly set
up and secured server. ASP is processed by the server, so if you lock
the ASP files to only the account used for the intranet and only allow
access through the server, the source would never show.

Of course, since you mention porinting and screen capture, you may not
even be really talking about ASP source code anyway, you may be
talking about the final result displayed in the browser. And that's
something you can't "hide" since you've already sent it to the client
for display.

I'd suggest evaluating the overall security of data and information in
your organization, and arriving at a process to protect it as needed.
Strip searches by armed guards may be required if you happen to work
for the CIA... :)

Jeff
Jul 19 '05 #4
And for a low-tech solution to making code less readable:

PCbit
http://www.pcbit.com
Advanced HTML Optimizer
Can remove white space in HTML and ASP files.

Best regards,
J. Paul Schmidt, Classic ASP Web Designer
http://www.Bullschmidt.com
Classic ASP Design Tips, ASP Web Database Demo, ASP Bar Chart Tool...
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 19 '05 #5
Uuuuh, this sounds good, but I'm completely unfamiliar with what you
are proposing. But it sounds the way to go.

Would the "rest of the code" you refer to be the original pages as
they are at present.?

Is there any reference you could please refer me to that might have
simple step-by-step instructions on what is needed here.?

Thanks, all, for the help....

(Hey, aren't we polite down here in Africa!)

.les.

On Thu, 15 Jul 2004 08:02:42 -0500, "Cowboy \(Gregory A. Beamer\)
[MVP]" <No************@comcast.netNoSpamM> wrote:
There are obfuscation tools out there that you can purchase. Another option
is to simply refactor code so ASP contains UI elements only and the rest of
the code is in VB COM component (ActiveX DLLs). The only code that shows up
is something like:

<%
Response.Write(vbObject.GetSecretStuff())
%>

A very serious hacker might still decompile the VB, but it would be a
concerted effort, as there are no decompilers for the more modern VB
implementations.

o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
Les Juby le*****@anti-spam.iafrica.com
Webpro Internet - - - Prosoft Microsystems
Durban, KwaZulu-Natal, South Africa
P.O.Box 35243, Northway 4065, South Africa
Tel: +27 31 563-8344 Fax: +27 31 564-4928
o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
(you *do* know to take "anti-spam" out the address....?
Jul 19 '05 #6
we****@webpro.co.za (Les Juby) wrote in message news:<40**************@news.uunet.co.za>...
I have a customer with an extensive intranet which contains a lot of
sensitive company data. The client is concerned that any employee
could download source code back to removable storage and thereby steal
the data.

Printing is considered publicly risky and other capture methods of
visble screens would be too clumsy and outside the capability of most.

So we have been asked to make the source "invisible" or at least
extremely difficult to reveal.

Any suggestions please...?


There is a product called ASP Lightning which will take each ASP page
you have, and convert/compile it into a DLL. It then rewrites the ASP
you have with just a call to the DLL.

http://www.infomentum.com/ASPLightning/

I used this product on a trial basis sometime last year when I thought
that we were going to have to hide the code, but it turned out the
deal fell through. They were quite helpful in putting out a new
version when I discovered a bug in their product.
Jul 19 '05 #7
Let me bring it down a notch as I am normally so ingrained in architecture
that I am flying way above the clouds.

The suggestion is to refactor, which is pull the code into VB COM
components. To do this, you have to create methods for your code. For
example, let's say you have the following code in your ASP.

connString = "{connection string for database here}"
sqlString = "SELECT * FROM SecretAuthorsTable"

Set objConn = New ADODB.Connection(connString)
Set objCmd == New ADODB.Command(sqlString, conn)
Set objRS = cmd.Execute()

'Work with RS here

To hide the database code, you would do the following:

1. Move the code to a function in a VB COM component by creating an ActiveX
DLL. Let's say we make DataLayer.dll with a class file called SecretData.
The function in the class would look something like so

Public Function GetSecretAuthorData() As ADODB.Recordset

Dim connString As String
Dim sqlString As String
Dim objConn As ADODB.Connection
Dim objCmd As ADODB.Command
Dim objRS As ADODB.Recordset

connString = "{connection string for database here}"
sqlString = "SELECT * FROM SecretAuthorsTable"

Set objConn = New ADODB.Connection(connString)
Set objCmd == New ADODB.Command(sqlString, conn)
Set objRS = cmd.Execute()

GetSecretAuthorData = objRS

End Function

2. Call the object from ASP

Set objSD = New DataLayer.SecretData()

Set objRS = objSD.GetSecretAuthorData()

NOTE: Not an optimal example, but the idea is sound. Now, a hacker for your
ASP app only learns about an object rather than actually getting the
connection string information and a sql query to start mining with.

NOTE: You can protect the implementation even more by hiding the connection
string in the registry, but that is a more complex bit of work. Or by
encrypting the strings, et al.

I will check and see if I can find a good URL. The MS Book Designing for
Scalability Using Microsoft Windows DNA is great for understanding
distributed applications using ASP and VB COM. You can pick up up extremely
cheap these days (75 cents US)

Designing for Scalability with Microsoft Windows DNA
by Per Sundblad, Sten Sundblad
Paperback: 450 pages ; Dimensions (in inches): 1.28 x 9.19 x 7.37
Publisher: Microsoft Press; 1 edition (March 15, 2000)
ASIN: 0735609683

http://www.amazon.com/exec/obidos/tg...glance&s=books

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
"Les Juby" <we****@webpro.co.za> wrote in message
news:40**************@news.uunet.co.za...
Uuuuh, this sounds good, but I'm completely unfamiliar with what you
are proposing. But it sounds the way to go.

Would the "rest of the code" you refer to be the original pages as
they are at present.?

Is there any reference you could please refer me to that might have
simple step-by-step instructions on what is needed here.?

Thanks, all, for the help....

(Hey, aren't we polite down here in Africa!)

.les.

On Thu, 15 Jul 2004 08:02:42 -0500, "Cowboy \(Gregory A. Beamer\)
[MVP]" <No************@comcast.netNoSpamM> wrote:
There are obfuscation tools out there that you can purchase. Another optionis to simply refactor code so ASP contains UI elements only and the rest ofthe code is in VB COM component (ActiveX DLLs). The only code that shows upis something like:

<%
Response.Write(vbObject.GetSecretStuff())
%>

A very serious hacker might still decompile the VB, but it would be a
concerted effort, as there are no decompilers for the more modern VB
implementations.

o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
Les Juby le*****@anti-spam.iafrica.com
Webpro Internet - - - Prosoft Microsystems
Durban, KwaZulu-Natal, South Africa
P.O.Box 35243, Northway 4065, South Africa
Tel: +27 31 563-8344 Fax: +27 31 564-4928
o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o
(you *do* know to take "anti-spam" out the address....?

Jul 19 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

11
by: Lorenzo Villari | last post by:
I premise I don't know C++ well but... I wondered what is this data hiding thing... I mean, if I can look at the header (and i need it beacuse of the class), then what's hidden? Can someone give...
4
by: Dave | last post by:
Hi, Is possible that memcpy can be used to hide const string value? D
8
by: Jho | last post by:
Is it wise to do the following to hide html source and other info. I plan to do a popup window which would close my existing web page and popup a window in its place without toolbar and...
10
by: FX | last post by:
I wanna publish a script on my site which allows me to hide image source. i have rough idea abt it. i`ll point src to some php page like: <img src="image.php"> & in tht php wat exactly shud be...
5
by: kpdeepu | last post by:
Hi, I have created a form which has a text box and a submit button.... <form name="myform" action="new.asp" method="post"> <input type="text" name="text1" size=20> <input type="submit"...
162
by: Sh4wn | last post by:
Hi, first, python is one of my fav languages, and i'll definitely keep developing with it. But, there's 1 one thing what I -really- miss: data hiding. I know member vars are private when you...
0
by: Samuel Bayer | last post by:
Jonathan Gardner wrote: At the risk of prolonging this thread, I'll add my own personal insight. I've spent a decent amount of time programming in Java, and the overhead of assigning a...
27
by: matt | last post by:
Hello group, I'm trying to become familiar with the information hiding design rules, and I have a lot (3) of questions for all you experts. AFAIK, a generic module has 2 files: ...
1
shoonya
by: shoonya | last post by:
Hi, i am working on a mobile platform written in C. There are certain functions (3rd party codes) called in the source code, which are only present in header (.h file), and their definition is...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.