WebApp Sec mailing list archives
Re: ASP security in HTML pages
From: Nasir Ghaznavi <nasirghaznavi () gmail com>
Date: Wed, 23 Jun 2004 05:20:26 +0500
On Tue, 22 Jun 2004 12:42:02 +0100, Bénoni MARTIN <benoni.martin () libertis ga> wrote:
Hi list, I have been googling around to know how secure can be ASP code, and I found what follows: - For a newbee, impossible to get the asp scripts inserted in an HTML page as they are not displayed in the client's browser,
You dont Insert ASP in HTML page, you do the opposite, i.e., you include the HTML code inside ASP page. The ASP part is never sent to the browser, it is processed on the server, so its secure if you code securely and server permissions are properly setup.
- Instead of just letting the ASP code in the HTML pages, we can create some DLLs for example, but a not-to-bad skilled hacker can get and reverse them.
If the DLL is executing on the server then i dont know how can a hacker get them, if they are propoerly placed and security permissions are setup correctly, btw you have to use some scripting language to call the dll.
So, my question to you, skilled-people :) is: is there a way to get the asp scripts in a page the server does not send when a client's request arrives? There should be a way to ^perform that, but how tough is it?
The server never sends the ASP code to the client if it is properly configured.
Thanks in advance, folks!
Nasir Ghaznavi
Current thread:
- ASP security in HTML pages Bénoni MARTIN (Jun 22)
- Re: ASP security in HTML pages Nasir Ghaznavi (Jun 23)
- Re: ASP security in HTML pages Lucas Holt (Jun 23)
- <Possible follow-ups>
- RE: ASP security in HTML pages Wolf, Yonah (Jun 23)
- RE: ASP security in HTML pages Scovetta, Michael V (Jun 24)
- RE: ASP security in HTML pages Auri Rahimzadeh (Jun 24)
- Re: ASP security in HTML pages Matt Fisher (Jun 26)
- RE: ASP security in HTML pages Auri Rahimzadeh (Jun 24)
- RE: ASP security in HTML pages Bénoni MARTIN (Jun 25)
- RE: ASP security in HTML pages Harrison Gladden (Jun 24)
- RE: ASP security in HTML pages Steve McCullough (Jun 26)
- RE: ASP security in HTML pages Dinis Cruz (Jun 27)
- RE: ASP security in HTML pages Harrison Gladden (Jun 24)
- RE: ASP security in HTML pages Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Jun 28)