I am running a win 2K server with frontpage extensions.

Our designers use Front page while we use Interdev for development.



I want to be able to secure the .asp include files so that they get included

at compile time, but are invisible to users who decide to download our

website.



I thought I had this worked out.  I had made an {inc} folder and gave system

and administrators full access.  This worked, the pages displayed and a

download did not include the {inc} folder.  Then I had to reset permissions

using MMC which hooped the whole thing.  Re-doing the permissions on that

folder back to system and admins created "access denied" throughout the

whole site.



Does anyone else have a solution for this?  what about encryption of the

pages.



Rob

Developer, Web Administrator

SQL Administrator



(xxx) xxx-xxxx



www.MarketWebSolutions.com

New! Application Service Provisioning

Need affordable and easy to use provincial,

national and/or global access for your

business applications?

We have the perfect solution!

call  xxx xxx-xxxx







---

MaximumASP offers enhanced hosting solutions on the Windows 2000 platform. Dedicated processor, RAM, and server resources provide
dedicated server performance at virtual server prices. Commercial components provided; custom components allowed.

---

You are currently subscribed to asp_web_howto as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_web_howto-$subst('Recip.MemberIDChar')@p2p.wrox.com

Could you not just rename your .inc files with .asp extensions?



Best Regards,



Vince.



Rob wrote:



> I am running a win 2K server with frontpage extensions.

> Our designers use Front page while we use Interdev for development.

>

> I want to be able to secure the .asp include files so that they get included

> at compile time, but are invisible to users who decide to download our

> website.

>

> I thought I had this worked out.  I had made an {inc} folder and gave system

> and administrators full access.  This worked, the pages displayed and a

> download did not include the {inc} folder.  Then I had to reset permissions

> using MMC which hooped the whole thing.  Re-doing the permissions on that

> folder back to system and admins created "access denied" throughout the

> whole site.

>

> Does anyone else have a solution for this?  what about encryption of the

> pages.

>

> Rob

> Developer, Web Administrator

> SQL Administrator

>

> (xxx) xxx-xxxx

>

> www.MarketWebSolutions.com

> New! Application Service Provisioning

> Need affordable and easy to use provincial,

> national and/or global access for your

> business applications?

> We have the perfect solution!

> call  xxx xxx-xxxx

>



---

MaximumASP offers enhanced hosting solutions on the Windows 2000 platform. Dedicated processor, RAM, and server resources provide
dedicated server performance at virtual server prices. Commercial components provided; custom components allowed.

---

You are currently subscribed to asp_web_howto as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_web_howto-$subst('Recip.MemberIDChar')@p2p.wrox.com

Rename all your includes to .ASP. This will not prevent them from being 

downloaded, but they will be processed if they are downloaded.

This means that stuff like:

<%

Dim sPassWord

sPassWord = "VerySecret"

etc etc

%>



will never reach the client. Only the stuff YOU as a developer output to 

the browser (by Response.Write for example) will be shown to the user.





HtH



Imar





At 09:19 AM 12/12/2000 -0700, you wrote:

>I am running a win 2K server with frontpage extensions.

>Our designers use Front page while we use Interdev for development.

>

>I want to be able to secure the .asp include files so that they get included

>at compile time, but are invisible to users who decide to download our

>website.

>

>I thought I had this worked out.  I had made an {inc} folder and gave system

>and administrators full access.  This worked, the pages displayed and a

>download did not include the {inc} folder.  Then I had to reset permissions

>using MMC which hooped the whole thing.  Re-doing the permissions on that

>folder back to system and admins created "access denied" throughout the

>whole site.

>

>Does anyone else have a solution for this?  what about encryption of the

>pages.

>

>Rob

>Developer, Web Administrator

>SQL Administrator

>

>(xxx) xxx-xxxx

>

>www.MarketWebSolutions.com

>New! Application Service Provisioning

>Need affordable and easy to use provincial,

>national and/or global access for your

>business applications?

>We have the perfect solution!

>call  xxx xxx-xxxx

>

>



---

MaximumASP offers enhanced hosting solutions on the Windows 2000 platform. Dedicated processor, RAM, and server resources provide
dedicated server performance at virtual server prices. Commercial components provided; custom components allowed.

---

You are currently subscribed to asp_web_howto as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_web_howto-$subst('Recip.MemberIDChar')@p2p.wrox.com

You could just create a file that is outside of your website's directory.

This way you don't have to worry about any permissions at all.



-----Original Message-----

From: Rob [mailto:rob@m...]

Sent: Tuesday, December 12, 2000 11:20 AM

To: ASP Web HowTo

Subject: [asp_web_howto] hiding include files





I am running a win 2K server with frontpage extensions.

Our designers use Front page while we use Interdev for development.



I want to be able to secure the .asp include files so that they get included

at compile time, but are invisible to users who decide to download our

website.



I thought I had this worked out.  I had made an {inc} folder and gave system

and administrators full access.  This worked, the pages displayed and a

download did not include the {inc} folder.  Then I had to reset permissions

using MMC which hooped the whole thing.  Re-doing the permissions on that

folder back to system and admins created "access denied" throughout the

whole site.



Does anyone else have a solution for this?  what about encryption of the

pages.



Rob

Developer, Web Administrator

SQL Administrator



(xxx) xxx-xxxx



www.MarketWebSolutions.com

New! Application Service Provisioning

Need affordable and easy to use provincial,

national and/or global access for your

business applications?

We have the perfect solution!

call  xxx xxx-xxxx







---

MaximumASP offers enhanced hosting solutions on the Windows 2000 platform. Dedicated processor, RAM, and server resources provide
dedicated server performance at virtual server prices. Commercial components provided; custom components allowed.

---

You are currently subscribed to asp_web_howto as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_web_howto-$subst('Recip.MemberIDChar')@p2p.wrox.com

This message is in MIME format. Since your mail reader does not understand

this format, some or all of this message may not be legible.



------_=_NextPart_001_01C06462.43E493C0

Content-Type: text/plain;

	charset="iso-8859-1"



Why not just name the include files as .asp instead of .inc so that they get

run on the server and their output returned instead of the contents.



-----Original Message-----

From: Rob [mailto:rob@m...]

Sent: Tuesday, December 12, 2000 11:20 AM

To: ASP Web HowTo

Subject: [asp_web_howto] hiding include files





I am running a win 2K server with frontpage extensions.

Our designers use Front page while we use Interdev for development.



I want to be able to secure the .asp include files so that they get included

at compile time, but are invisible to users who decide to download our

website.



I thought I had this worked out.  I had made an {inc} folder and gave system

and administrators full access.  This worked, the pages displayed and a

download did not include the {inc} folder.  Then I had to reset permissions

using MMC which hooped the whole thing.  Re-doing the permissions on that

folder back to system and admins created "access denied" throughout the

whole site.



Does anyone else have a solution for this?  what about encryption of the

pages.



Rob

Developer, Web Administrator

SQL Administrator



(xxx) xxx-xxxx



www.MarketWebSolutions.com

New! Application Service Provisioning

Need affordable and easy to use provincial,

national and/or global access for your

business applications?

We have the perfect solution!

call  xxx xxx-xxxx







---

MaximumASP offers enhanced hosting solutions on the Windows 2000 platform.

Dedicated processor, RAM, and server resources provide dedicated server

performance at virtual server prices. Commercial components provided; custom

components allowed.




leave-asp_web_howto-$subst('Recip.MemberIDChar')@p2p.wrox.com





---

MaximumASP offers enhanced hosting solutions on the Windows 2000 platform. Dedicated processor, RAM, and server resources provide
dedicated server performance at virtual server prices. Commercial components provided; custom components allowed.

---

You are currently subscribed to asp_web_howto as: $subst('Recip.EmailAddr')

To unsubscribe send a blank email to leave-asp_web_howto-$subst('Recip.MemberIDChar')@p2p.wrox.com