/    Sign up×
Community /Pin to ProfileBookmark

Preventing admins from viewing asp file?

Copy linkTweet thisAlerts:
Jan 25.2005

I hope this question is in the right forum…my question is I have a customer who wants to somehow encrypt or protect the asp files for his website. Not the rendered html/javascript, but rather from other admins viewing the vbscript code. Can anyone offer some insight or suggestions on approaching this? Thank you in advance!

to post a comment
Full-stack Developer

12 Comments(s)

Copy linkTweet thisAlerts:
@betaJan 25.2005 — I take it that the other admins have access to the server and the folder which the files are in?
Copy linkTweet thisAlerts:
@mcrpdsauthorJan 25.2005 — yes, I suppose they would. Could he restrict access by windows login to the folder or file? I think this is one option, but is there another level of access or a different approach altogether? thanks.
Copy linkTweet thisAlerts:
@betaJan 25.2005 — If it is a remote server that they access via ftp, then they can change the user levels of the other admins and lock them out of a certain directory. This is providing that your client has the necessary admin level themselves.
Copy linkTweet thisAlerts:
@mcrpdsauthorJan 25.2005 — beta,

i believe it is a local server, where the customer and other admins(the ones he wants to restrict access) are all on site. The asp files will be the virtual directory to the web world. His concern is that he does not want anyone(admins) checking out the vbscript coding, which grants paid users access to certain areas of the site. He suggested encrypting the asp, which I find kind of funny. Any thoughts?
Copy linkTweet thisAlerts:
@betaJan 25.2005 — I don't think that encrypting the files would be the right answer. Maybe they should think about just downloading a simple program that password protects folders.
Copy linkTweet thisAlerts:
@mcrpdsauthorJan 25.2005 — beta,

that sounds like a better solution altogther. do you recommend any software package or program that protects folders via passwords or is this an option in windows os? thanks so much for your help!
Copy linkTweet thisAlerts:
@betaJan 25.2005 — There are plenty on [URL=http://www.download.com/3120-20_4-0.html?qt=password+folder&tg=dl-20&search.x=10&search.y=8]downloads.com[/URL].
Copy linkTweet thisAlerts:
@mcrpdsauthorJan 25.2005 — thanks beta for all your help!
Copy linkTweet thisAlerts:
@betaJan 25.2005 — No problem ?
Copy linkTweet thisAlerts:
@PeOfEoJan 25.2005 — [i]Originally posted by beta [/i]

[B]I don't think that encrypting the files would be the right answer. Maybe they should think about just downloading a simple program that password protects folders. [/B][/QUOTE] What is to stop someone with admin access from ending this program?
Copy linkTweet thisAlerts:
@mcrpdsauthorJan 25.2005 — PeOfEo,

I checked out a couple of software packages and both of them say that you(admin) must have a password to uninstall the software. So the admin that installed it of course would have set up the password to begin with, also there is a master key that is tied to the registration # of the purchased product just in case.
Copy linkTweet thisAlerts:
@PeOfEoJan 26.2005 — [i]Originally posted by mcrpds [/i]

[B]PeOfEo,

I checked out a couple of software packages and both of them say that you(admin) must have a password to uninstall the software. So the admin that installed it of course would have set up the password to begin with, also there is a master key that is tied to the registration # of the purchased product just in case. [/B][/QUOTE] Yes, but all processes running can be seen in task manager and ended there too. So if the program has to be running to protect the dir then the admin would be able to end the process and presto. I would say windows usr accounts would be the best way to secure a directory, but the administrator's account will be able to lord over them all (they can reset account passwords). Encryption of asp documents is not a viable solution, but maybe one bit of code or database contents. But if you want to encrypt some code you might need to use a two way encryption algorythm and I just think that if the admin wants to get in they can find your key and use your algorythm to decrypt the code anyway. However you can encrypt db contents like passwords with a one way algorythm and not have to worry.


I think your best option is to compile your source code into a dll.
×

Success!

Help @mcrpds spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.19,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...