asp source code protection

D

Dave Anderson

Hi, I am new to asp. I am writing an asp page and put it at
http://www.mydomain.com/mypage.asp. In mypage.asp, there is sensitive
information in the code. I do not want people get the source code of
mypage.asp because there will figure out some very important
information. My question is if I just put my asp at
http://www.mydomain.com/mypage.asp, would they be able to get the
source code?
Click to expand...

As long as your server parses the script with asp.dll, remote users will not
have access to the content within server-side blocks:

<% %>
<script runat="server"> </script>

Beware that the default 500 Error page shows details of the line at which an
error occurs, and under pre-IIS6, an attacker could guess the name of your
includes and get back the text if you used un-accounted-for extensions (like
..inc).
 
S

StreamLogic

It is a best-practive not to store sensitive information in an ASP
page. As Dave mentioned, as long as asp.dll handles the request, it
will be translated for the web. However, anyone that gains access to
the web server itself can view the page. Remember, ASP pages are in
plain-text.

It is always better to store sensitive information as close to the
server as possible, away from the presentation layers. Store it in the
database or a protected file on the server that can be read using
authentication, then disposed of.

Hope this helps.

Curtis Hughes
StreamLogic Inc.
http://www.StreamLogicInc.com
 
L

Larry Bud

Hi, I am new to asp. I am writing an asp page and put it at
http://www.mydomain.com/mypage.asp. In mypage.asp, there is sensitive
information in the code. I do not want people get the source code of
mypage.asp because there will figure out some very important
information. My question is if I just put my asp at
http://www.mydomain.com/mypage.asp, would they be able to get the
source code?
Click to expand...

Users will not be able to get to it, but any admin of the server will.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Compilation of old source code. 0
Idk need help in editing this source code 0
Help with code 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
How to call an asp-page by a clientside Javascript (syndication) 1
Age gate code 0
Retrieve a page content into a variable 1
My code or GoDaddy problem? 1

Members online

Total: 64 (members: 2, guests: 62)
Robots: 141

Forum statistics

Threads
474,263
Messages
2,571,064
Members
48,769
Latest member
Clifft

Latest Threads

Top