As far as security of Code is concern, one can achieve the same task using 

ISAPI instead of using ASP.



Regards



ASIM

www.geocities.com/asim.geo





> Dear list,

> 

> What is the best way to protect ASP code from being stolen or tweaked by 

> third parties? I have in mind an Active Server Page software application 

> hosted on third party corporate networks. I do not want them easily 

> deciphering or changing the code.

> 

> regards

> 

> Simon

> Dear list,

> 

> What is the best way to protect ASP code from being stolen or tweaked by 

> third parties? I have in mind an Active Server Page software application 

> hosted on third party corporate networks. I do not want them easily 

> deciphering or changing the code.

> 

> regards

> 

> Simon



ASP code cannot directly be protected from people who have direct access 

to the Server. 

The only way would be to encapsulate the functionality that you want to 

protect into a component. Very easy with VB. 

This will not only protect your code but should (if coded correctly & 

prefably use MTS), give you a performance/scalability boost. 



One thing dont create/put objects in the App or Session objects.



Hope this helps



Tim M



+++++

If objToErr Is objHuman Then Set objForgive = New objDivine

Tim;



Regarding your reply to Simon advising against putting info

into the Session object: I am working on migrating an Access

database application to ASP.NET. After a user supplies the

username and password needed for logging into SQL Server I

put the connection string into the Session so that at the

next page request the server side will be able to reconnect

to the database for further processing. Could you comment on

the motives for not putting things like that into the Session

object and perhaps mention a better way to handle database

reconnection. Thanks.



Lou



-----Original Message-----

From: Tim M [mailto:hunuman@f...]

Sent: Saturday, August 25, 2001 3:10 PM

To: ASPToday Discuss

Subject: [asptoday_discuss] Re: Protecting ASP from pilfering and change





> Dear list,

>

> What is the best way to protect ASP code from being stolen or tweaked by

> third parties? I have in mind an Active Server Page software application

> hosted on third party corporate networks. I do not want them easily

> deciphering or changing the code.

>

> regards

>

> Simon



ASP code cannot directly be protected from people who have direct access

to the Server.

The only way would be to encapsulate the functionality that you want to

protect into a component. Very easy with VB.

This will not only protect your code but should (if coded correctly &

prefably use MTS), give you a performance/scalability boost.



One thing dont create/put objects in the App or Session objects.



Hope this helps



Tim M



+++++

If objToErr Is objHuman Then Set objForgive = New objDivine

Lou,



There is no problem holding basic data types such as strings in Application

or session objects. Holding State is what these ASP objects are meant to be

used for.

The problem only applies to objects. Objects held in app/session eat up

server resources (threads/mem/connections). When you get beyond a certain

number of users (dependent on your app), your server will slow down and even

come to a grinding halt.



As regards the best way to handle ADO DB connections in ASP. Dont.

What you should do is create MTS/COM+ object(s) which return descrete data

or disconnected recordset(s).

Objects running under MTS/COM+, if properly coded, allow database

connections to be pooled.

Avoid business/data logic in ASP pages. ASP should be used for

Client/presention tier functionality. Though with the use of MTS/COM+

ObjectContext you dont even need it for that.



Best wishes



Tim M



+++++

If objToErr Is objHuman Then Set objForgive = New objDivine