Monday, May 24, 2010

Any way to to keep my ASP coding safe on intranet server from being pirated, in my ASP / sql application?

When i give a browser based application with ASP / HTML as front end and sqlserver 2000 as back end, the ASP coding gets pirated from the computer on which the application is run or from the server in local area network. Any method to keep it safe? Any other platform where coding is safe and application still runs in web browser? will working in ASP.net or VB.net solve my purpose?

Any way to to keep my ASP coding safe on intranet server from being pirated, in my ASP / sql application?
ASP = Active Server Pages. the code you place in these pages is a mixture of front end javascript+HTML/XML and back end VBscript/.NET code.





There is no actual code (except your javascript, or generated javascript) that gets pushed to the web browser. Early ActiveX solutions sent an executable to the browser, but these are no longer used in modern development - unless it is a large bundle of extra browser capability (like Adobe Reader, Flash/Shockwave plugins, etc)





You ASP or ASP.NET code runs on the server via an IIS-controlled service. It is not visible, and cannot be pirated by anyone outside your firewall (the web clients). If you are saying your code is be hacked off this server, your security hole lies in the configuration of your network and IIS server, not in your programming paradigm.





That said, use safe coding practices. Read and understand how to configure your web server, and obey the rules of never using usernames/passwords or other private network information from within your javascript or HTML layers. If you're writing with ASP.NET (highly recommended) then most of these things are taken care of, except for the locking down of your network. That you have to do outside of whatever sites you're publishing.





Your LAN may be giving people access to your IIS machine. If this is the case, turn off the guest account and all other accounts for that machine. Do not develop on that machine, but simply on your own machine, then install the application when you're finished (prevents attacks from folks who know how to attach a debugger using the frontpage extensions to your IIS). On the IIS machine, save just one login for installing, and use anonymous access for to web site. Hope this helps.
Reply:If you run ASP on an IIS/Apache box, the end user can't see the ASP code, just the results of it.
Reply:As long as you use Windows, your stuff can be pirated by anyone connecting to your website in a fraction of a second.





In order to keep everything actually private, switch to a Linux machine and run Apache on the Linux machine. You will have unparalelled service and never have to worry about your stuff being pirated again.





Program the site in PHP for the best bet. Use Dreamweaver to do your site development.

night garden

No comments:

Post a Comment