I have a site designed with ASP 3.0 code (HTML and vbscript) that I
want to protect from being visible. I want this code to be non-visible
and hack-proof. Is there a way to either encrypt or protect another
way to ensure that my code is not stolen?
I host the code on discountasp.net.
Billy wrote:
> I have a site designed with ASP 3.0 code (HTML and vbscript) that I
> want to protect from being visible. I want this code to be non-visible
> and hack-proof. Is there a way to either encrypt or protect another
> way to ensure that my code is not stolen?
>
> I host the code on discountasp.net.
No
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
"Billy"
news:1183479234.101487.129550@q69g2000hsb.googlegroups.com.. .
> I have a site designed with ASP 3.0 code (HTML and vbscript) that I
> want to protect from being visible. I want this code to be non-visible
> and hack-proof. Is there a way to either encrypt or protect another
> way to ensure that my code is not stolen?
>
With the disclaimer that nothing is absolute then yes. Stop writing stuff
in ASP.
> I host the code on discountasp.net.
Bear in mind that only the chaps at discountasp.net are in a position to
steal your code. ASP script never leaves the server so it can't be stolen
by third parties.
On Jul 3, 12:20 pm, "Anthony Jones"
> "Billy"
>
> news:1183479234.101487.129550@q69g2000hsb.googlegroups.com.. .
>
> > I have a site designed with ASP 3.0 code (HTML and vbscript) that I
> > want to protect from being visible. I want this code to be non-visible
> > and hack-proof. Is there a way to either encrypt or protect another
> > way to ensure that my code is not stolen?
>
> With the disclaimer that nothing is absolute then yes. Stop writing stuff
> in ASP.
>
> > I host the code on discountasp.net.
>
> Bear in mind that only the chaps at discountasp.net are in a position to
> steal your code. ASP script never leaves the server so it can't be stolen
> by third parties.
So you are saying that unless the discountasp.net server is
compromised, there is no way that a third party other than
discountasp.net itself can view or re-use my code? There is no way to
hack that code other than hacking the server? If that is the case,
then my asp code is already secured as per my requirements.
Also, would coding in visual studio vb.net then uploading that
compiled code be more secure? Maybe I should be doing my coding in
visual studio?
Billy wrote:
> On Jul 3, 12:20 pm, "Anthony Jones"
>> "Billy"
>>
>> news:1183479234.101487.129550@q69g2000hsb.googlegroups.com.. .
>>
>>> I have a site designed with ASP 3.0 code (HTML and vbscript) that I
>>> want to protect from being visible. I want this code to be
>>> non-visible and hack-proof. Is there a way to either encrypt or
>>> protect another way to ensure that my code is not stolen?
>>
>> With the disclaimer that nothing is absolute then yes. Stop writing
>> stuff in ASP.
>>
>>> I host the code on discountasp.net.
>>
>> Bear in mind that only the chaps at discountasp.net are in a
>> position to steal your code. ASP script never leaves the server so
>> it can't be stolen by third parties.
>
> So you are saying that unless the discountasp.net server is
> compromised, there is no way that a third party other than
> discountasp.net itself can view or re-use my code? There is no way to
> hack that code other than hacking the server? If that is the case,
> then my asp code is already secured as per my requirements.
>
ASP code is everything in server-side script tags:
<%
server-side code
%>
Anything you can see when you View Source in the browser is client-side
code, not ASP code. It is impossible to secure anything that is visible
via View Source.
> Also, would coding in visual studio vb.net then uploading that
> compiled code be more secure? Maybe I should be doing my coding in
> visual studio?
Same consideration. Server-side code is suecure. Anything visible via
View Source in the browser (or via perusing the files in the browser
cache) is vulnerable. There is nothing that can be cone about that. It
is the nature of the beast.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
On Jul 3, 2:04 pm, "Bob Barrows [MVP]"
wrote:
> Billy wrote:
> > On Jul 3, 12:20 pm, "Anthony Jones"
> >> "Billy"
>
> >>news:1183479234.101487.129550@q69g2000hsb.googlegroups.com ...
>
> >>> I have a site designed with ASP 3.0 code (HTML and vbscript) that I
> >>> want to protect from being visible. I want this code to be
> >>> non-visible and hack-proof. Is there a way to either encrypt or
> >>> protect another way to ensure that my code is not stolen?
>
> >> With the disclaimer that nothing is absolute then yes. Stop writing
> >> stuff in ASP.
>
> >>> I host the code on discountasp.net.
>
> >> Bear in mind that only the chaps at discountasp.net are in a
> >> position to steal your code. ASP script never leaves the server so
> >> it can't be stolen by third parties.
>
> > So you are saying that unless the discountasp.net server is
> > compromised, there is no way that a third party other than
> > discountasp.net itself can view or re-use my code? There is no way to
> > hack that code other than hacking the server? If that is the case,
> > then my asp code is already secured as per my requirements.
>
> ASP code is everything in server-side script tags:
> <%
> server-side code
> %>
>
> Anything you can see when you View Source in the browser is client-side
> code, not ASP code. It is impossible to secure anything that is visible
> via View Source.
>
> > Also, would coding in visual studio vb.net then uploading that
> > compiled code be more secure? Maybe I should be doing my coding in
> > visual studio?
>
> Same consideration. Server-side code is suecure. Anything visible via
> View Source in the browser (or via perusing the files in the browser
> cache) is vulnerable. There is nothing that can be cone about that. It
> is the nature of the beast.
>
> --
> Microsoft MVP -- ASP/ASP.NET
> Please reply to the newsgroup. The email account listed in my From
> header is my spam trap, so I don't check it very often. You will get a
> quicker response by posting to the newsgroup.- Hide quoted text -
>
> - Show quoted text -
OK, then my code in the ASP script tags is what I want to conceal from
the public. It seems that this is what is occurring already. Based on
your responses, I now understand that the ASP server side code is
secure w/ the exception of the host server admins visibility. I assume
any code that passes through my ISP via uploading to the host is also
open to the ISP's eyes as well. That throws in another set of eyes.
Only if the hosted server is hacked will my code within the ASP tags
be comprised to the hacker.
How do the big boys secure their code - say Amazon.com, Microsoft.com
or IBM.com. This code is obviously very desired by competitors and I'd
assume extremely vunerable.
Billy wrote:
>
> How do the big boys secure their code - say Amazon.com, Microsoft.com
> or IBM.com. This code is obviously very desired by competitors and I'd
> assume extremely vunerable.
Writing vbscript code is very easy for an experienced programmer.
Anything that the "big boys" are doing is easily replicable. There would
be no point to attempting to steal their code. Let's put it another way,
if a hacker is good enough to get at the source code, then he is good
enough to write it himself.
..Net code is compiled into dlls so it is more secure against physical
theft. however, decompilers do exist, and they will yield a close
approximation of the source code, the main component of which that will
be missing will be the comments since they do not get compiled.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
"Billy"
news:1183487362.199548.293680@n2g2000hse.googlegroups.com...
> On Jul 3, 2:04 pm, "Bob Barrows [MVP]"
> wrote:
> > Billy wrote:
> > > On Jul 3, 12:20 pm, "Anthony Jones"
> > >> "Billy"
> >
> > >>news:1183479234.101487.129550@q69g2000hsb.googlegroups.com ...
> >
> > >>> I have a site designed with ASP 3.0 code (HTML and vbscript) that I
> > >>> want to protect from being visible. I want this code to be
> > >>> non-visible and hack-proof. Is there a way to either encrypt or
> > >>> protect another way to ensure that my code is not stolen?
> >
> > >> With the disclaimer that nothing is absolute then yes. Stop writing
> > >> stuff in ASP.
> >
> > >>> I host the code on discountasp.net.
> >
> > >> Bear in mind that only the chaps at discountasp.net are in a
> > >> position to steal your code. ASP script never leaves the server so
> > >> it can't be stolen by third parties.
> >
> > > So you are saying that unless the discountasp.net server is
> > > compromised, there is no way that a third party other than
> > > discountasp.net itself can view or re-use my code? There is no way to
> > > hack that code other than hacking the server? If that is the case,
> > > then my asp code is already secured as per my requirements.
> >
> > ASP code is everything in server-side script tags:
> > <%
> > server-side code
> > %>
> >
> > Anything you can see when you View Source in the browser is client-side
> > code, not ASP code. It is impossible to secure anything that is visible
> > via View Source.
> >
> > > Also, would coding in visual studio vb.net then uploading that
> > > compiled code be more secure? Maybe I should be doing my coding in
> > > visual studio?
> >
> > Same consideration. Server-side code is suecure. Anything visible via
> > View Source in the browser (or via perusing the files in the browser
> > cache) is vulnerable. There is nothing that can be cone about that. It
> > is the nature of the beast.
> >
> > --
> > Microsoft MVP -- ASP/ASP.NET
> > Please reply to the newsgroup. The email account listed in my From
> > header is my spam trap, so I don't check it very often. You will get a
> > quicker response by posting to the newsgroup.- Hide quoted text -
> >
> > - Show quoted text -
>
> OK, then my code in the ASP script tags is what I want to conceal from
> the public. It seems that this is what is occurring already. Based on
> your responses, I now understand that the ASP server side code is
> secure w/ the exception of the host server admins visibility. I assume
> any code that passes through my ISP via uploading to the host is also
> open to the ISP's eyes as well. That throws in another set of eyes.
>
> Only if the hosted server is hacked will my code within the ASP tags
> be comprised to the hacker.
>
> How do the big boys secure their code - say Amazon.com, Microsoft.com
> or IBM.com. This code is obviously very desired by competitors and I'd
> assume extremely vunerable.
>
Often the Big Boys back end code will depend on a considerable set of
binaries and database schema on multiple tiers. Hacking it to rip it off is
not going to be profitable since its unlikely that this entire set of
components could be harvested.
"Billy"
news:1183487362.199548.293680@n2g2000hse.googlegroups.com...
> On Jul 3, 2:04 pm, "Bob Barrows [MVP]"
> wrote:
>> Billy wrote:
>> > On Jul 3, 12:20 pm, "Anthony Jones"
>> >> "Billy"
>>
>> >>news:1183479234.101487.129550@q69g2000hsb.googlegroups.com ...
>>
>> >>> I have a site designed with ASP 3.0 code (HTML and vbscript) that I
>> >>> want to protect from being visible. I want this code to be
>> >>> non-visible and hack-proof. Is there a way to either encrypt or
>> >>> protect another way to ensure that my code is not stolen?
>>
>> >> With the disclaimer that nothing is absolute then yes. Stop writing
>> >> stuff in ASP.
>>
>> >>> I host the code on discountasp.net.
>>
>> >> Bear in mind that only the chaps at discountasp.net are in a
>> >> position to steal your code. ASP script never leaves the server so
>> >> it can't be stolen by third parties.
>>
>> > So you are saying that unless the discountasp.net server is
>> > compromised, there is no way that a third party other than
>> > discountasp.net itself can view or re-use my code? There is no way to
>> > hack that code other than hacking the server? If that is the case,
>> > then my asp code is already secured as per my requirements.
>>
>> ASP code is everything in server-side script tags:
>> <%
>> server-side code
>> %>
>>
>> Anything you can see when you View Source in the browser is client-side
>> code, not ASP code. It is impossible to secure anything that is visible
>> via View Source.
>>
>> > Also, would coding in visual studio vb.net then uploading that
>> > compiled code be more secure? Maybe I should be doing my coding in
>> > visual studio?
>>
>> Same consideration. Server-side code is suecure. Anything visible via
>> View Source in the browser (or via perusing the files in the browser
>> cache) is vulnerable. There is nothing that can be cone about that. It
>> is the nature of the beast.
>>
>> --
>> Microsoft MVP -- ASP/ASP.NET
>> Please reply to the newsgroup. The email account listed in my From
>> header is my spam trap, so I don't check it very often. You will get a
>> quicker response by posting to the newsgroup.- Hide quoted text -
>>
>> - Show quoted text -
>
> OK, then my code in the ASP script tags is what I want to conceal from
> the public. It seems that this is what is occurring already. Based on
> your responses, I now understand that the ASP server side code is
> secure w/ the exception of the host server admins visibility. I assume
> any code that passes through my ISP via uploading to the host is also
> open to the ISP's eyes as well. That throws in another set of eyes.
>
> Only if the hosted server is hacked will my code within the ASP tags
> be comprised to the hacker.
>
> How do the big boys secure their code - say Amazon.com, Microsoft.com
> or IBM.com. This code is obviously very desired by competitors and I'd
> assume extremely vunerable.
>
They don't use public hosting companies. They have their own servers.
On a public shared server, there are likely to be hundreds of web
applications written in asp, php, asp.net, jsp, cold fusion - you name it.
The server admins will have no interest in your application. Believe me.
Billy wrote:
> OK, then my code in the ASP script tags is what I want to conceal
> from the public. It seems that this is what is occurring already.
> Based on your responses, I now understand that the ASP server side
> code is secure w/ the exception of the host server admins
> visibility.
Not so fast.
Your code can still be exposed if you or your hosting provider do some
stupid things. For example, in IIS versions before 6, requests for unkown
and unregistered extensions (like .inc) were handled as text/plain. So if
someone guessed correctly when they tried
[http://yourdomain.com/DBConnectionStrings.inc], then IIS would happily
respond with your server source code.
Furthermore, the default 500;100 error page can reveal details of your code.
You should, at minimum, restrict detailed error messages on your public
site.
--
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.