Security Basics mailing list archives

RE: ASP Pages

From: "Andrew Helsby" <Andrew.Helsby () k3btg com>
Date: Mon, 16 Jun 2003 16:46:11 +0100



-----Original Message-----
From: Benjamin Meade [mailto:ben () lanwest com au]
Sent: 16 June 2003 07:51
To: 'Security-Basics'
Subject: **Mailing-list ms-secnews (Security focus): ASP Pages



--------------Forwarded by SpamMotel--------------
--------------------------------------------------
--from "Benjamin Meade" <ben () lanwest com au>--
--reply ben () lanwest com au--

Spam Motel address created on 2002-06-20 11:48:38
This Message received on Mon Jun 16 11:41:50 EDT 2003
Last Message received on 2003-06-16 11:41:35

No. 17  Messages Forwarded: 6559  Messages Received: 6559

***  ms-secnews (Security focus) ***

                    --kczmeayzrdue () spammotel com--
--------------------------------------------------


Hi all,

We are currently developing a project management system in ASP, and I am
a little concerned about code stealing. Given that the asp pages are
visible to everyone, how difficult is it for someone to download the
actual asp code? (As opposed to the html that the page generates).



As long as you don't have shares on the web server open to people to connect to and have removed sample applications on 
the server and run iislock down then you should be ok to stop them downloading the code.

Also, there is the option for installing the site on a clients server.
Is there any way to encrypt this so that the server can read it, but the
clients cannot?


Only by putting ntfs security permissions on the clients server so only the webserver can access it, but the client 
would have to do it, and they could easily remove it by taking ownership....of course they'd need a logon and/or 
network connectivity to the box.....or physical access to the server, boot from a knoppix cd for example and then look 
at the web pages bypassing the permissions that way.


Andy

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

ASP Pages Benjamin Meade (Jun 16)
- RE: ASP Pages Fred Dirkse - OIC Group, Inc. (Jun 16)
  - Re: ASP Pages M. Zeeshan Mustafa (Jun 16)
  - RE: ASP Pages exon (Jun 17)
- Re: ASP Pages securitybasics (Jun 16)
- Re: ASP Pages Ernie Nelson (Jun 16)
- RE: ASP Pages Chad (Jun 17)
- Re: ASP Pages ATD (Jun 24)
- <Possible follow-ups>
- RE: ASP Pages Andrew Helsby (Jun 16)
- RE: ASP Pages wjnorth (Jun 16)
- RE: ASP Pages Michael Dunn (Jun 17)
  - Re: ASP Pages Bill (Jun 17)