RE: ASP Pages

From: exon (exon_at_home.se)
Date: 06/17/03

  • Next message: Mark Ng: "Re: redhat audit"
    Date: Tue, 17 Jun 2003 11:10:27 +0200 (CEST)
    To: security-basics@securityfocus.com
    
    

    If the client sees the code, then so can the user.
    I say wget and netcat or even telnet and rest my case.

    /Andy

    On Mon, 16 Jun 2003, Fred Dirkse - OIC Group, Inc. wrote:

    > Ben -
    > Unless your webserver is configured improperly, it will not return the asp
    > code to the client browser. When a .asp page is requested, the webserver
    > first sends that page to the .asp parser which runs the code and produces
    > the html content. If your server is setup to NOT process the .asp pages
    > properly, it will then just blindly spit back the .asp page, code and all to
    > your users.
    >
    > I am not sure on the encrypting part - is your concern that the client will
    > see the code or the end user?
    >
    > F
    >
    > >-----Original Message-----
    > >From: Benjamin Meade [mailto:ben@lanwest.com.au]
    > >Sent: Monday, June 16, 2003 1:51 AM
    > >To: 'Security-Basics'
    > >Subject: ASP Pages
    > >
    > >
    > >
    > >Hi all,
    > >
    > >We are currently developing a project management system in ASP, and I am
    > >a little concerned about code stealing. Given that the asp pages are
    > >visible to everyone, how difficult is it for someone to download the
    > >actual asp code? (As opposed to the html that the page generates).
    > >
    > >Also, there is the option for installing the site on a clients server.
    > >Is there any way to encrypt this so that the server can read it, but the
    > >clients cannot?
    > >
    > >Thanks,
    > >
    > >Benjamin Meade
    > >System Administrator
    > >LanWest Pty Ltd
    > >Ph: (08) 9440 3033
    > >Fax: (08) 9440 3370
    > >
    > >
    > >
    > >---------------------------------------------------------------------------
    > >Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    > >The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    > >while InStat has confirmed Neoteris as the leader in marketshare.
    > >
    > >Find out why, and see how you can get plug-n-play secure remote access in
    > >about an hour, with no client, server changes, or ongoing maintenance.
    > >
    > >Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    > >-------------------------------------------------------------------
    > >---------
    > >
    > >
    >
    >
    > ---------------------------------------------------------------------------
    > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    > while InStat has confirmed Neoteris as the leader in marketshare.
    >
    > Find out why, and see how you can get plug-n-play secure remote access in
    > about an hour, with no client, server changes, or ongoing maintenance.
    >
    > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    > ----------------------------------------------------------------------------
    >
    >
    >

    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------


  • Next message: Mark Ng: "Re: redhat audit"

    Relevant Pages

    • Re: ASP Pages
      ... Server side code is all parsed out before getting sent to the client as long ... Subject: ASP Pages ... > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
      (Security-Basics)
    • Re: ASP Pages
      ... Regarding the asp encryption thing, you should look more for "server ... > code to the client browser. ... >>Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
      (Security-Basics)
    • RE: ASP Pages
      ... Unless your webserver is configured improperly, it will not return the asp ... I am not sure on the encrypting part - is your concern that the client will ... there is the option for installing the site on a clients server. ... >Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
      (Security-Basics)
    • RE: Wireless LAN
      ... > Evaluating SSL VPNs' Consider NEOTERIS, ... The Gartner Group just put Neoteris in the top of its Magic ... > in about an hour, with no client, server changes, or ongoing ...
      (Security-Basics)
    • RE: Wireless LAN
      ... > Evaluating SSL VPNs' Consider NEOTERIS, ... The Gartner Group just put Neoteris in the top of its Magic ... > in about an hour, with no client, server changes, or ongoing ...
      (Security-Basics)