Re: Protecting ASP code

From: Curt J Raddatz (curt.raddatz_at_ocsc.com)
Date: 12/07/04 

Date: Tue, 7 Dec 2004 10:04:47 -0500

If this is really a concern then you need to be developing in another
language. Assuming you want to continue using ASP, I would take the
low-tech approach. Why go though a bunch of code that can likely be hacked
anyway. Find a contract lawyer, draw up a software license agreement and
have you clients sign it. Problem solved.

"John" <john_mcwire@unison.ie> wrote in message
news:41b5a108$0$25072$ba620e4c@news.skynet.be...
> Dear all,
>
> I've got a security question that is so difficult that "maybe" there will
be
> no answer for it. It's regarding protecting asp code.
>
> I did write some asp code, that I sell to companies, to control several
> dbases. Because I sell the code, it's not that they own the code and can
> sell it further or change the code, or add some extra code to it. It's
like
> I'm selling a program like Excel and that they can use the program, not
> change it. I'm still the rightful and intellectual owner.
>
> Also, if you give the raw asp-code, then there is a possibility that they
> change to code a bit for there internal usage only. But if I sell an
update,
> then they have to search and copy/past there old code in the new page, not
> knowing, that everything will work eventually.
>
> It would be a lot nicer and easer if I can deliver some protected code
that
> they can't change! This will make my live a lot easer regarding updates.
And
> I will sleep better because they can't see the raw asp code,
> copy/past/change and sell it or worse, going to competitors.
>
> It would mean a lot for me, if you could help me to protect my code
against
> this all. Give me some inside views, some snip of your thoughts or some
> general ideas to debate.
>
> The thinks I did find and won't help to protect this all is :
> a) NT security (server is from the customers)
> b) Host the IIS server by myself (cannot be done, customers
> request there own servers)
> c) AspCodeLock, drawback in executing?
> d) Windows Script Encode, this can be broken.
>
> Using dll's would be nice and could be a solution, but then
> a) I've to buy "Visual-Basic" or something else to do this.
> A question that is running in my mind is : Is "visual-Basic"
> the good/perfect programming language to do this? Some people
> did always say that C++ is mutch better in performance and
> is thread save. I can write Delphi also, is this a way to go?
> But how?
> b) Then I have to put all my pages in DLL form. (login.asp ->
> will be : login.dll) or do I have to protect only portions of
> my asp pages, but still then, they could change or implement
> some extra code in the pages and that is not what I'm searching
> for.
> c) will this dll solution be steady enough against asp code. I
> know from asp-code (I'm writing in UltraEdit, so I have a low
> cost regarding buying all the software I need for my work. This
> is important for me!) that I can write heavy used pages with no
> problems at all. What with dll-pages? What with MTS?
> d) Asp gives you the fast solution in debugging, because there is
> no compilation involved so you can directly write/change your
> code without compiling, installing and register your code. Is
> this not a drawback in a dll solution, or is there a good
> debugging environment for dll coding for iis?
>
> The best solution for me is : some sort of opensource script language that
> you can use like asp, but with some build in
>
> function like
> a) Create iis readable script
> b) Create iis dll script
>
> So when a webpage is done, you could create a filename.dll file and put
this
> on the webserver without losing any functionality from the previous
readable
> script like filename.asp. Better would be, that the file extension would
> stay filename.asp for the dll version, this to protect my inline
hyperlinks.
>
> Thnx for helping me
> Best regards,
> J.
>
>
>
>
>
>
>

Relevant Pages

  • Re: Protecting ASP code
    ... >I did write some asp code, that I sell to companies, to control several ... Because I sell the code, it's not that they own the code and can ... It's called a DLL. ... > a) Create iis readable script ...
    (microsoft.public.inetserver.asp.general)
  • Re: Encrypting?
    ... isn't even required) can rebuild a dll's source code. ... is nothing you can do in ASP, or ASP.Net, that someone else can't do. ... Protect your sensitive data in other places. ... then remove the "NO SPAM" ...
    (microsoft.public.inetserver.asp.general)
  • Re: Securing Non ASP.Net Files
    ... asp.dll (i.e. parses the script using aspx syntax) the execution fails. ... existing links pointing to .asp pages -- but these pages still must already ... Joe's as well) is how do you protect .asp pages that have not been converted ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • php5activescript mostly works but odd gaps
    ... It has worked with ASP for years (Dynamic-CD) ... php-activescript.ini or add in and recompile the dll. ... directory as specified but are not available to chained script files. ...
    (comp.lang.php)
  • Are Frontpage passwords secure?
    ... I have some asp.net pages on my website. ... These access a sql server ... I get my ISP to protect my asp folder with a Windows 2000 NTFS password ...
    (microsoft.public.security)
Quantcast