473,503 Members | 12,103 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How to Secure ASP Code?

I have a site designed with ASP 3.0 code (HTML and vbscript) that I
want to protect from being visible. I want this code to be non-visible
and hack-proof. Is there a way to either encrypt or protect another
way to ensure that my code is not stolen?

I host the code on discountasp.net.

Jul 3 '07 #1
5 4420
Billy wrote:
I have a site designed with ASP 3.0 code (HTML and vbscript) that I
want to protect from being visible. I want this code to be non-visible
and hack-proof. Is there a way to either encrypt or protect another
way to ensure that my code is not stolen?

I host the code on discountasp.net.
No

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 3 '07 #2

"Billy" <Us*****@hotmail.comwrote in message
news:11**********************@q69g2000hsb.googlegr oups.com...
I have a site designed with ASP 3.0 code (HTML and vbscript) that I
want to protect from being visible. I want this code to be non-visible
and hack-proof. Is there a way to either encrypt or protect another
way to ensure that my code is not stolen?
With the disclaimer that nothing is absolute then yes. Stop writing stuff
in ASP.
I host the code on discountasp.net.
Bear in mind that only the chaps at discountasp.net are in a position to
steal your code. ASP script never leaves the server so it can't be stolen
by third parties.

Jul 3 '07 #3
On Jul 3, 12:20 pm, "Anthony Jones" <A...@yadayadayada.comwrote:
"Billy" <UseN...@hotmail.comwrote in message

news:11**********************@q69g2000hsb.googlegr oups.com...
I have a site designed with ASP 3.0 code (HTML and vbscript) that I
want to protect from being visible. I want this code to be non-visible
and hack-proof. Is there a way to either encrypt or protect another
way to ensure that my code is not stolen?

With the disclaimer that nothing is absolute then yes. Stop writing stuff
in ASP.
I host the code on discountasp.net.

Bear in mind that only the chaps at discountasp.net are in a position to
steal your code. ASP script never leaves the server so it can't be stolen
by third parties.
So you are saying that unless the discountasp.net server is
compromised, there is no way that a third party other than
discountasp.net itself can view or re-use my code? There is no way to
hack that code other than hacking the server? If that is the case,
then my asp code is already secured as per my requirements.

Also, would coding in visual studio vb.net then uploading that
compiled code be more secure? Maybe I should be doing my coding in
visual studio?

Jul 3 '07 #4
Billy wrote:
On Jul 3, 12:20 pm, "Anthony Jones" <A...@yadayadayada.comwrote:
>"Billy" <UseN...@hotmail.comwrote in message

news:11**********************@q69g2000hsb.googleg roups.com...
>>I have a site designed with ASP 3.0 code (HTML and vbscript) that I
want to protect from being visible. I want this code to be
non-visible and hack-proof. Is there a way to either encrypt or
protect another way to ensure that my code is not stolen?

With the disclaimer that nothing is absolute then yes. Stop writing
stuff in ASP.
>>I host the code on discountasp.net.

Bear in mind that only the chaps at discountasp.net are in a
position to steal your code. ASP script never leaves the server so
it can't be stolen by third parties.

So you are saying that unless the discountasp.net server is
compromised, there is no way that a third party other than
discountasp.net itself can view or re-use my code? There is no way to
hack that code other than hacking the server? If that is the case,
then my asp code is already secured as per my requirements.
ASP code is everything in server-side script tags:
<%
server-side code
%>

Anything you can see when you View Source in the browser is client-side
code, not ASP code. It is impossible to secure anything that is visible
via View Source.
Also, would coding in visual studio vb.net then uploading that
compiled code be more secure? Maybe I should be doing my coding in
visual studio?
Same consideration. Server-side code is suecure. Anything visible via
View Source in the browser (or via perusing the files in the browser
cache) is vulnerable. There is nothing that can be cone about that. It
is the nature of the beast.

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 3 '07 #5
Billy wrote:
OK, then my code in the ASP script tags is what I want to conceal
from the public. It seems that this is what is occurring already.
Based on your responses, I now understand that the ASP server side
code is secure w/ the exception of the host server admins
visibility.
Not so fast.

Your code can still be exposed if you or your hosting provider do some
stupid things. For example, in IIS versions before 6, requests for unkown
and unregistered extensions (like .inc) were handled as text/plain. So if
someone guessed correctly when they tried
[http://yourdomain.com/DBConnectionStrings.inc], then IIS would happily
respond with your server source code.

Furthermore, the default 500;100 error page can reveal details of your code.
You should, at minimum, restrict detailed error messages on your public
site.

--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
Jul 5 '07 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
4
2891
Pop-up and secure connection
by: debedb | last post by:
Hi all, I have a link, <A onClick="javascript:foo()">. The foo() function does w = window.open('', fieldid+'mywindow', prop); w.document.open(); d = w.document; And proceeds to write...
Javascript
68
3633
Is it time for secure C ?
by: Roman Ziak | last post by:
Hello, I just downloaded MS Visual Studio 2005 Express Beta. When I tried to compile existing valid project, I get a lot of warnings like 'sprintf' has been deprecated, 'strcpy' has been...
C / C++
3
4152
C#.NET Application - Could not establish secure channel for SSL/TL
by: Bill | last post by:
I'm running a C#.Net application that is using the HttpWebRequest to upload an xml file to a https site with FIPS complicancy turned on. On the "GetRequestStream()" method I get: "The underlying...
ASP.NET
8
2311
Secure and Nonsecure items
by: todd.freed | last post by:
Hey all, I have been racking my brain all morning to find a solution to this, and I am having no luck. Our webpage is created with Visual Studio C# and ASP.Net, hosted in-house using HTTPS with...
ASP.NET
14
4582
How to secure the Dotnet code
by: Usman | last post by:
Hi I'm working on an application that contains classes for licensing, authentication etc, including all the algorithms of encryption/decryption etc. I wanted to secure this code, but after...
.NET Framework
40
2762
secure integer library
by: Robert Seacord | last post by:
The CERT/CC has released a beta version of a secure integer library for the C Programming Language. The library is available for download from the CERT/CC Secure Coding Initiative web page at:...
C / C++
7
4926
CERT C Programming Language Secure Coding Standard
by: Robert Seacord | last post by:
The CERT/CC has just deployed a new web site dedicated to developing secure coding standards for the C programming language, C++, and eventually other programming language. We have already...
C / C++
5
3672
is PHP less secure than Perl, Python, or Ruby?
by: walterbyrd | last post by:
I honestly don't know. But, I have seen articles and posts about how PHP is terribly insecure. I don't usually see comparisons to other common web languages. I think the big vulnerablity is...
PHP
0
2321
Navigation between Secure and Non-secure Pages
by: amitvps | last post by:
Secure Socket Layer is very important and useful for any web application but it brings some problems too with itself. Handling navigation between secure and non-secure pages is one of the cumbersome...
ASP / Active Server Pages
3
2741
Do checked iterators/containers make code more secure?
by: zr | last post by:
Hi, Does usage of checked iterators and checked containers make code more secure? If so, can that code considered to be reasonably secure?
C / C++
0
7212
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
1
7017
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
7470
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
5604
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
4696
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3186
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3174
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
751
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
0
405
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us