asp source code protection

**Dave Anderson** · Aug 8 '06, 09:05 PM

Re: asp source code protection

quickcur@yahoo. com wrote:

Hi, I am new to asp. I am writing an asp page and put it at
http://www.mydomain.com/mypage.asp. In mypage.asp, there is sensitive
information in the code. I do not want people get the source code of
mypage.asp because there will figure out some very important
information. My question is if I just put my asp at
http://www.mydomain.com/mypage.asp, would they be able to get the
source code?

As long as your server parses the script with asp.dll, remote users will not
have access to the content within server-side blocks:

<% %>
<script runat="server"</script>

Beware that the default 500 Error page shows details of the line at which an
error occurs, and under pre-IIS6, an attacker could guess the name of your
includes and get back the text if you used un-accounted-for extensions (like
..inc).

--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

**StreamLogic** · Aug 10 '06, 08:55 PM

Re: asp source code protection

It is a best-practive not to store sensitive information in an ASP
page. As Dave mentioned, as long as asp.dll handles the request, it
will be translated for the web. However, anyone that gains access to
the web server itself can view the page. Remember, ASP pages are in
plain-text.

It is always better to store sensitive information as close to the
server as possible, away from the presentation layers. Store it in the
database or a protected file on the server that can be read using
authentication, then disposed of.

Hope this helps.

Curtis Hughes
StreamLogic Inc.

Microsoft Solutions Consultant for Modern Work - C5 Insight

http://www.StreamLogicInc.com

We solve complex customer and employee engagement challenges through people-centric digital transformation professional services.

quickcur@yahoo. com wrote:

Hi, I am new to asp. I am writing an asp page and put it at
http://www.mydomain.com/mypage.asp. In mypage.asp, there is sensitive
information in the code. I do not want people get the source code of
mypage.asp because there will figure out some very important
information. My question is if I just put my asp at
http://www.mydomain.com/mypage.asp, would they be able to get the
source code?
>
Thanks,
>
q

**Larry Bud** · Aug 14 '06, 01:35 PM

Re: asp source code protection

quickcur@yahoo. com wrote:

Hi, I am new to asp. I am writing an asp page and put it at
http://www.mydomain.com/mypage.asp. In mypage.asp, there is sensitive
information in the code. I do not want people get the source code of
mypage.asp because there will figure out some very important
information. My question is if I just put my asp at
http://www.mydomain.com/mypage.asp, would they be able to get the
source code?

Users will not be able to get to it, but any admin of the server will.

asp source code protection

asp source code protection

Comment

Comment

Comment