Some simple ASP security tips

by sweevo
Any regular ASP code will not be visible to the client because it is processed server side, with only the HTML output visible as source to the user.

You should also rename any *.inc files that contain ASP code ("<% 'asp code %>") to *.asp. Anyone who then tries to open these files from a browser will not get the true source, because the server processes them as ASP files and returns only the output (an .inc file is served in full, just as a .txt file would be).

If you have virtual directories for your images, include files, etc. (e.g. /images or /include), you can stop anyone from getting a full listing of those directories' contents (and therefore full download access to all your files) by placing an index.htm or default.htm file in each one.

This file could be a blank page or contain a message, but it will automatically load when someone tries to access a "library" directory.
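
One way to check a web root against the two tips above, as an added example that is not part of the original FAQ: it lists .inc files that contain "<%" and directories that hold neither index.htm nor default.htm. The function names and the sample site tree are constructed for illustration.

```python
import os
import tempfile

# Default-document names taken from the tip above; extend to match your server.
DEFAULT_DOCS = {"index.htm", "default.htm"}

def audit_webroot(root):
    """Return (inc_with_asp, dirs_without_default), paths relative to root."""
    inc_with_asp, dirs_without_default = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        lowered = {name.lower() for name in filenames}
        # No default document: contents may be listed if browsing is allowed.
        if not (lowered & DEFAULT_DOCS):
            dirs_without_default.append(rel_dir)
        for name in filenames:
            if not name.lower().endswith(".inc"):
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                body = fh.read()
            # "<%" marks server-side code that would be served verbatim.
            if b"<%" in body:
                inc_with_asp.append(name if rel_dir == "." else f"{rel_dir}/{name}")
    return sorted(inc_with_asp), sorted(dirs_without_default)

def build_sample_site(root):
    """Constructed sample tree, used only to demonstrate the audit."""
    files = {
        "default.htm": "<html></html>",
        "include/db.inc": '<% Const DSN = "placeholder" %>',
        "include/footer.inc": "<p>static footer</p>",
        "images/index.htm": "",
        "images/logo.gif": "GIF89a",
    }
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        inc, dirs = audit_webroot(site)
        print("Rename to .asp:", inc)
        print("No default document:", dirs)
```

An .inc file with only static HTML (footer.inc in the sample) is not reported, since it exposes nothing the rendered page does not already show.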

You can keep client-side script out of the page's HTML source by using something along the lines of:

<script language="VBScript" src="file.vbs" type="text/vbscript"></script>

The code will not show in the HTML source. However, it can still be downloaded if the user goes to the file's address. The files could be encrypted, though.