How to Secure ASP Code?

**Bob Barrows [MVP]** · Jul 3 '07, 04:25 PM

Re: How to Secure ASP Code?

Billy wrote:

I have a site designed with ASP 3.0 code (HTML and vbscript) that I
want to protect from being visible. I want this code to be non-visible
and hack-proof. Is there a way to either encrypt or protect another
way to ensure that my code is not stolen?
>
I host the code on discountasp.net .

No

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

**Anthony Jones** · Jul 3 '07, 04:25 PM

Re: How to Secure ASP Code?

"Billy" <UseNewz@hotmai l.comwrote in message
news:1183479234 .101487.129550@ q69g2000hsb.goo glegroups.com.. .

I have a site designed with ASP 3.0 code (HTML and vbscript) that I
want to protect from being visible. I want this code to be non-visible
and hack-proof. Is there a way to either encrypt or protect another
way to ensure that my code is not stolen?
>

With the disclaimer that nothing is absolute then yes. Stop writing stuff
in ASP.

I host the code on discountasp.net .

Bear in mind that only the chaps at discountasp.net are in a position to
steal your code. ASP script never leaves the server so it can't be stolen
by third parties.

**Billy** · Jul 3 '07, 05:45 PM

Re: How to Secure ASP Code?

On Jul 3, 12:20 pm, "Anthony Jones" <A...@yadayaday ada.comwrote:

"Billy" <UseN...@hotmai l.comwrote in message
>
news:1183479234 .101487.129550@ q69g2000hsb.goo glegroups.com.. .
>

I have a site designed with ASP 3.0 code (HTML and vbscript) that I
want to protect from being visible. I want this code to be non-visible
and hack-proof. Is there a way to either encrypt or protect another
way to ensure that my code is not stolen?

>
With the disclaimer that nothing is absolute then yes. Stop writing stuff
in ASP.
>

I host the code on discountasp.net .

>
Bear in mind that only the chaps at discountasp.net are in a position to
steal your code. ASP script never leaves the server so it can't be stolen
by third parties.

So you are saying that unless the discountasp.net server is
compromised, there is no way that a third party other than
discountasp.net itself can view or re-use my code? There is no way to
hack that code other than hacking the server? If that is the case,
then my asp code is already secured as per my requirements.

Also, would coding in visual studio vb.net then uploading that
compiled code be more secure? Maybe I should be doing my coding in
visual studio?

**Bob Barrows [MVP]** · Jul 3 '07, 06:15 PM

Re: How to Secure ASP Code?

Billy wrote:

On Jul 3, 12:20 pm, "Anthony Jones" <A...@yadayaday ada.comwrote:

>"Billy" <UseN...@hotmai l.comwrote in message
>>
>news:118347923 4.101487.129550 @q69g2000hsb.go oglegroups.com. ..
>>

>>I have a site designed with ASP 3.0 code (HTML and vbscript) that I
>>want to protect from being visible. I want this code to be
>>non-visible and hack-proof. Is there a way to either encrypt or
>>protect another way to ensure that my code is not stolen?

>>
>With the disclaimer that nothing is absolute then yes. Stop writing
>stuff in ASP.
>>

>>I host the code on discountasp.net .

>>
>Bear in mind that only the chaps at discountasp.net are in a
>position to steal your code. ASP script never leaves the server so
>it can't be stolen by third parties.

>
So you are saying that unless the discountasp.net server is
compromised, there is no way that a third party other than
discountasp.net itself can view or re-use my code? There is no way to
hack that code other than hacking the server? If that is the case,
then my asp code is already secured as per my requirements.
>

ASP code is everything in server-side script tags:
<%
server-side code
%>

Anything you can see when you View Source in the browser is client-side
code, not ASP code. It is impossible to secure anything that is visible
via View Source.

Also, would coding in visual studio vb.net then uploading that
compiled code be more secure? Maybe I should be doing my coding in
visual studio?

Same consideration. Server-side code is suecure. Anything visible via
View Source in the browser (or via perusing the files in the browser
cache) is vulnerable. There is nothing that can be cone about that. It
is the nature of the beast.

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

**Dave Anderson** · Jul 5 '07, 07:35 PM

Re: How to Secure ASP Code?

Billy wrote:

OK, then my code in the ASP script tags is what I want to conceal
from the public. It seems that this is what is occurring already.
Based on your responses, I now understand that the ASP server side
code is secure w/ the exception of the host server admins
visibility.

Not so fast.

Your code can still be exposed if you or your hosting provider do some
stupid things. For example, in IIS versions before 6, requests for unkown
and unregistered extensions (like .inc) were handled as text/plain. So if
someone guessed correctly when they tried
[http://yourdomain.com/DBConnectionStrings.inc], then IIS would happily
respond with your server source code.

Furthermore, the default 500;100 error page can reveal details of your code.
You should, at minimum, restrict detailed error messages on your public
site.

--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

How to Secure ASP Code?

How to Secure ASP Code?

Comment

Comment

Comment

Comment

Comment