INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

ASP 101

Some simple ASP security tips by sweevo
Posted: 31 Jan 02

Any regular ASP code will not be visible to the client because it is processed server side, with only the HTML output visible as source to the user.

You should also rename any *.inc files you may be using (that feature "<% 'asp code %>") to *.asp so anyone who tries to open these files from their browser will not get the true source because the server will try to process them as asp files and output accordingly (an .inc file will show up fully just as a .txt would).

If you have virtual directories for all your images, include files etc (eg. /images or /include), then to stop anyone having a full list of those directories' contents (and therefore full download access to all your files) simply stick an index.htm or default.htm file in there.

This file could be a blank page or contain a message, but it will automatically load when someone tries to access a "library" directory.

You can hide any client side script by using something along the lines of:

<script language="VBScript" src="file.vbs" type="text/vbscript"></script>

The code will not show in the HTML source.  However, it can still be downloaded if the user goes to its address.  The files could be encrypted though.

Back to Microsoft: ASP (Active Server Pages) FAQ Index
Back to Microsoft: ASP (Active Server Pages) Forum

My Archive

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close