Security Basics mailing list archives

RE: ASP Pages

From: "wjnorth" <wjnorth () earthlink net>
Date: Mon, 16 Jun 2003 12:12:22 -0700

There is a way (I believe its good for both NetScrape and Internet
Exploder) to lock down view access to the source code of the site. I
can't remember how to do it, but I believe its either an HTML tag, or
it's a setting within IIS. If I find it I will pass it through,
otherwise do a search on disabling HTML source code, hopefully that will
pop up something.

Additionally, you can lockdown access within IIS so that everyone can
only read the page. Another option would be to patent your product, that
way anyone stealing it is breaking the law. Stupid-n-silly I know, but
if we want to go hyper technical I'm sure I can fish out some good IIS
lockdown guidelines.

Hth,

-Wes


-----Original Message-----
From: Benjamin Meade [mailto:ben () lanwest com au] 
Sent: Sunday, June 15, 2003 11:51 PM
To: 'Security-Basics'
Subject: ASP Pages



Hi all,

We are currently developing a project management system in ASP, and I am
a little concerned about code stealing. Given that the asp pages are
visible to everyone, how difficult is it for someone to download the
actual asp code? (As opposed to the html that the page generates).

Also, there is the option for installing the site on a clients server.
Is there any way to encrypt this so that the server can read it, but the
clients cannot?

Thanks,

Benjamin Meade
System Administrator
LanWest Pty Ltd
Ph:  (08) 9440 3033
Fax: (08) 9440 3370



------------------------------------------------------------------------
---
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts! The Gartner Group just put Neoteris in the top of its Magic
Quadrant, while InStat has confirmed Neoteris as the leader in
marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access
in about an hour, with no client, server changes, or ongoing
maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

ASP Pages Benjamin Meade (Jun 16)
- RE: ASP Pages Fred Dirkse - OIC Group, Inc. (Jun 16)
  - Re: ASP Pages M. Zeeshan Mustafa (Jun 16)
  - RE: ASP Pages exon (Jun 17)
- Re: ASP Pages securitybasics (Jun 16)
- Re: ASP Pages Ernie Nelson (Jun 16)
- RE: ASP Pages Chad (Jun 17)
- Re: ASP Pages ATD (Jun 24)
- <Possible follow-ups>
- RE: ASP Pages Andrew Helsby (Jun 16)
- RE: ASP Pages wjnorth (Jun 16)
- RE: ASP Pages Michael Dunn (Jun 17)
  - Re: ASP Pages Bill (Jun 17)