RE: ASP Pages

From: Ramsinghani, Aashish (EM, GECIS) (Aashish.Ramsinghani_at_geind.ge.com)
Date: 07/21/03

    To: "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>, "'ben@lanwest.com.au'" <ben@lanwest.com.au>
    Date: Mon, 21 Jul 2003 13:31:55 -0400
    
    

    There is another way to encode your ASP scripts.
    Microsoft gives a Script Encoder:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en

    This is a simple encoder but good enough for encoding purposes.
    Web hosts and Web clients cannot view or modify your source.
    It's pretty neat. Do check it out.

    -----Original Message-----
    From: wong chuin hun [mailto:wongz@linuxmail.org]
    Sent: Saturday, July 19, 2003 7:50 AM
    To: Tim Greer; skate; Eralper YILMAZ; ben@lanwest.com.au;
    'Security-Basics'
    Subject: Re: ASP Pages

    Hi,
    If you are afraid of people stealing your code, what you can do is compile
    all your code into a DLL. Then register the DLL in your server registry.

    And done... all your code is safe.

    ----- Original Message -----
    From: "Tim Greer" <chatmaster@charter.net>
    Date: Fri, 18 Jul 2003 10:00:46 -0700
    To: "skate" <root@fatcuban.com>, "Eralper YILMAZ" <eryilmaz@porttakal.com>,
    <ben@lanwest.com.au>, "''Security-Basics''"
    <security-basics@securityfocus.com>
    Subject: Re: ASP Pages

    > Correct, that barring any technical/configuration reasons that would show
    > the ASP code in its text form would not be possible, there are several
    > methods which are, such as a user on the same system opening and printing
    > another user's ASP file's contents, or another ASP, or PHP or CGI, etc.
    > script on the server that is intentionally allowing people to open and print
    > file contents (which is often not intentional, though it exists). So, some
    > things can help, but anything interpreted will still allow someone to obtain
    > the source code anyway, if they can manage to get that far. This is why
    > compiling is the best way to protect source code--and I don't know of a way
    > (personally) to do this in ASP. Note: Don't confuse compiling with
    > encrypting or obfuscating.
    > --
    > Regards,
    > Tim Greer chatmaster@charter.net
    > Server administration, security, programming, consulting.
    >
    >
    > ----- Original Message -----
    > From: "skate" <root@fatcuban.com>
    > To: "Eralper YILMAZ" <eryilmaz@porttakal.com>; <ben@lanwest.com.au>;
    > "'Security-Basics'" <security-basics@securityfocus.com>
    > Sent: Friday, July 18, 2003 9:01 AM
    > Subject: Re: ASP Pages
    >
    >
    > > no-one can read your asp code without having ftp (or similar) access to the
    > > directory, the web server will run anything that it determines is asp, and
    > > only transmit the output. this is the core of server side scripting.
    > >
    > > as an extra, double security, you should put most of the core functions into
    > > includes, and have them stored outside the web root. occasionally, the web
    > > server may have problems and transmit things before running them. i've seen
    > > this happen in php anyway when the server is in the process of being
    > > updated...
    > >
    > > ----- Original Message -----
    > > From: "Eralper YILMAZ" <eryilmaz@porttakal.com>
    > > To: <ben@lanwest.com.au>; "'Security-Basics'"
    > > <security-basics@securityfocus.com>
    > > Sent: Friday, July 18, 2003 10:08 AM
    > > Subject: Re: ASP Pages
    > >
    > >
    > > > Hi,
    > > >
    > > > Use "Script Encoder "
    > > >
    > > > You can find detailed info at
    > > >
    > > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/script56/html/SeconScriptEncoderOverview.asp
    > > >
    > > >
    > > >
    > > >
    > > > ----- Original Message -----
    > > > From: "Benjamin Meade" <ben@lanwest.com.au>
    > > > To: "'Security-Basics'" <security-basics@securityfocus.com>
    > > > Sent: Monday, June 16, 2003 9:51 AM
    > > > Subject: ASP Pages
    > > >
    > > >
    > > > >
    > > > > Hi all,
    > > > >
    > > > > We are currently developing a project management system in ASP, and I am
    > > > > a little concerned about code stealing. Given that the asp pages are
    > > > > visible to everyone, how difficult is it for someone to download the
    > > > > actual asp code? (As opposed to the html that the page generates).
    > > > >
    > > > > Also, there is the option for installing the site on a client's server.
    > > > > Is there any way to encrypt this so that the server can read it, but the
    > > > > clients cannot?
    > > > >
    > > > > Thanks,
    > > > >
    > > > > Benjamin Meade
    > > > > System Administrator
    > > > > LanWest Pty Ltd
    > > > > Ph: (08) 9440 3033
    > > > > Fax: (08) 9440 3370

    -- 
    ______________________________________________
    http://www.linuxmail.org/
    Now with e-mail forwarding for only US$5.95/yr
    Powered by Outblaze
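
The thread's advice to keep shared includes outside the web root can be checked mechanically. The following is an added example, not code from any message in the thread: it parses classic ASP `#include` directives and reports where each target resolves. The function name, the sample site, and the assumptions that only `.asp` is mapped to the script engine and that `virtual` paths resolve under the site root (no virtual directories pointing elsewhere) are all hypothetical.

```python
import posixpath
import re

# Classic ASP server-side include directives:
#   <!-- #include file="..." -->   or   <!-- #include virtual="..." -->
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.IGNORECASE)

# Assumption: only these extensions are handed to the script engine; any
# other file under the web root is returned to the browser as plain text.
SCRIPT_EXTS = {".asp"}


def audit_includes(web_root, pages):
    """Classify every include target found in pages (path -> source text)."""
    root = posixpath.normpath(web_root)
    findings = []
    for page, source in sorted(pages.items()):
        for kind, target in INCLUDE_RE.findall(source):
            target = target.replace("\\", "/")
            if kind.lower() == "virtual":
                # Assumption: virtual paths resolve from the site root.
                resolved = posixpath.join(root, target.lstrip("/"))
            else:
                # file paths resolve from the including page's own folder.
                resolved = posixpath.join(posixpath.dirname(page), target)
            resolved = posixpath.normpath(resolved)
            inside = resolved.startswith(root + "/")
            ext = posixpath.splitext(resolved)[1].lower()
            if not inside:
                status = "outside-webroot"
            elif ext in SCRIPT_EXTS:
                status = "inside-webroot-executed"
            else:
                status = "inside-webroot-served-as-text"
            findings.append((page, resolved, status))
    return findings


# Constructed sample site, not taken from the thread.
SAMPLE_ROOT = "/site/wwwroot"
SAMPLE_PAGES = {
    "/site/wwwroot/default.asp": '<!-- #include file="inc/db.inc" -->',
    "/site/wwwroot/admin/users.asp": '<!-- #INCLUDE VIRTUAL="/lib/auth.asp" -->\n'
                                     '<!-- #include file="../../private/core.asp" -->',
}

if __name__ == "__main__":
    for page, resolved, status in audit_includes(SAMPLE_ROOT, SAMPLE_PAGES):
        print(f"{status:30} {resolved}  (included by {page})")
```

Targets reported as `inside-webroot-served-as-text` can be requested directly by URL, and `inside-webroot-executed` ones are still exposed if the server ever returns a script without running it; only `outside-webroot` targets have no URL at all.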