INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login

HANDLE


PASSWORD
Remember Me
Forgot Password?

Navigation

Join Us!
Keyword Search
Browse Forums
Jobs
Start A Group
Tell A Friend
Donate
Whitepapers

Come Join Us!

  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • Turn Off Ad Banners
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
E-mail*
Handle

Password
Verify P'word
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Member Feedback

"...I have tons of books, have book marked tons of tutorials, which have helped, but this forum has answered those "impossible to find" solutions. I am thrilled with this site..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!
Home > Forums > Programmers > Graphics & Web Tools > Microsoft: Active Server Pages (ASP) > FAQs

Microsoft: Active Server Pages (ASP) FAQ

ASP 101

Some simple ASP security tips
faq333-1518
Posted: 31 Jan 02

Any regular ASP code will not be visible to the client because it is processed server side, with only the HTML output visible as source to the user.

You should also rename any *.inc files you may be using (that feature "<% 'asp code %>") to *.asp so anyone who tries to open these files from their browser will not get the true source because the server will try to process them as asp files and output accordingly (an .inc file will show up fully just as a .txt would).

If you have virtual directories for all your images, include files etc (eg. /images or /include), then to stop anyone having a full list of those directories' contents (and therefore full download access to all your files) simply stick an index.htm or default.htm file in there.

This file could be a blank page or contain a message, but it will automatically load when someone tries to access a "library" directory.

You can hide any client side script by using something along the lines of:

<script language="VBScript" src="file.vbs" type="text/vbscript"></script>

The code will not show in the HTML source.  However, it can still be downloaded if the user goes to its address.  The files could be encrypted though.

Back to Microsoft: Active Server Pages (ASP) FAQ Index
Back to Microsoft: Active Server Pages (ASP) Forum
My FAQ Archive
Email This FAQ To A Friend

My Archive