Protecting ASP code

From: John (john_mcwire_at_unison.ie)
Date: 12/07/04


Date: Tue, 7 Dec 2004 13:25:02 +0100

Dear all,

I've got a security question that is so difficult that "maybe" there will be
no answer for it. It's regarding protecting asp code.

I did write some asp code, that I sell to companies, to control several
dbases. Because I sell the code, it's not that they own the code and can
sell it further or change the code, or add some extra code to it. It's like
I'm selling a program like Excel and that they can use the program, not
change it. I'm still the rightful and intellectual owner.

Also, if you give the raw asp-code, then there is a possibility that they
change the code a bit for their internal usage only. But if I sell an update,
then they have to search and copy/paste their old code in the new page, not
knowing that everything will work eventually.

It would be a lot nicer and easier if I can deliver some protected code that
they can't change! This will make my life a lot easier regarding updates. And
I will sleep better because they can't see the raw asp code,
copy/paste/change and sell it or worse, going to competitors.

It would mean a lot for me, if you could help me to protect my code against
this all. Give me some inside views, some snip of your thoughts or some
general ideas to debate.

The things I did find that won't help to protect this all are:
 a) NT security (server is from the customers)
 b) Host the IIS server by myself (cannot be done, customers
      request their own servers)
 c) AspCodeLock, drawback in executing?
 d) Windows Script Encode, this can be broken.

Using dll's would be nice and could be a solution, but then
 a) I've to buy "Visual-Basic" or something else to do this.
    A question that is running in my mind is : Is "visual-Basic"
    the good/perfect programming language to do this? Some people
    did always say that C++ is much better in performance and
    is thread safe. I can write Delphi also, is this a way to go?
    But how?
 b) Then I have to put all my pages in DLL form. (login.asp ->
    will be : login.dll) or do I have to protect only portions of
    my asp pages, but still then, they could change or implement
    some extra code in the pages and that is not what I'm searching
    for.
 c) will this dll solution be steady enough against asp code. I
    know from asp-code (I'm writing in UltraEdit, so I have a low
    cost regarding buying all the software I need for my work. This
    is important for me!) that I can write heavily used pages with no
    problems at all. What with dll-pages? What with MTS?
 d) Asp gives you the fast solution in debugging, because there is
    no compilation involved so you can directly write/change your
    code without compiling, installing and registering your code. Is
    this not a drawback in a dll solution, or is there a good
    debugging environment for dll coding for iis?

The best solution for me is: some sort of opensource script language that
you can use like asp, but with some built-in functions like
 a) Create iis readable script
 b) Create iis dll script

So when a webpage is done, you could create a filename.dll file and put this
on the webserver without losing any functionality from the previous readable
script like filename.asp. Better would be, that the file extension would
stay filename.asp for the dll version, this to protect my inline hyperlinks.

Thnx for helping me
Best regards,
J.


