Protecting your ASP code

By ServerWatch Staff (Send Email)
Posted Jun 18, 1998


Paul Smullen
One of the major drawbacks in using Active Server Pages is that the code you create cannot be compiled. Although this is a serious concern for many ASP users, Microsoft have only indicated a minor priority in dealing with the issue.

This is a very serious issue for software developers as there is nothing stopping a client from taking the code you develop for them and giving any future development or maintenance work to a competitor. Companies should consider this issue when signing contracts and ensure that the intellectual rights to the code remains with them after delivery. Even if the company requests the source code, which is often the case, you do not want a disgruntled client's employee taking the code and moving to one of your competitors.

One of the major drawbacks in using Active Server Pages is that the code you create cannot be compiled. Although this is a serious concern for many ASP users, Microsoft have only indicated a minor priority in dealing with the issue.

Another issue is unnecessary support. Although in an ideal world the code you provide will reside on a server with restricted access by people who will not tamper or alter it, we do not do business in an ideal world. With any other Windows development environment you simply ship your compiled code and if a problem arises a simple re-installation is all that is needed. With ASP the client may claim that there is bugs in the code caused by poor quality programming when the cause could be an over ambitious employee in the client company.

If you are using ASP for developing an in-house intranet site then this problem does not effect your company too much. It is only relevant if you sell the code you produce to a third party.

I have oulined some options available to you for getting around this issue.

Host the site...
If your company has hosting capabilities then ideally you would host the application yourself. This would prevent your client from even seeing the code and more importantly prevent anyone from stealing or altering it.

Use DLLs to hide your business rules...
Active Server Pages can use any ActiveX DLL created in Visual Basic or C++. One approach is to take critical sections of your code - those that define your business rules and database queries - and place them into objects in an ActiveX DLL. Check back later for an article explaining how to create such a component.

Use AspCodeLock...
There is server component available at http://www.serverobjects.com/products.htm#AspCodeLock
The description from the web site;
"This product will allow you to encrypt ASP script code at development time. AspCodeLock will dynamically decode the script when requested by IIS and execute it under the ASP environment. Your ASP code is processed in memory and is not written unencrypted to disk by AspCodeLock."

I have not personally evaluated this product but it seems it will do what is required in order to hide your source code. When evaluating you should take note of the speed of the application before and after using it.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.


 

 


Thanks for your registration, follow us on our social networks to keep up-to-date