Security of ASP code

Results 1 to 3 of 3

Thread: Security of ASP code

  1. #1
    Keith Myers Guest

    Default Security of ASP code

    Someone told me that ASP pages are not as secure as I thought, and whilst they are run on the server and all that you see in your browser is html output, I have since been told that it is possible to view the source of an asp page, is this true??

  2. #2
    Join Date
    Dec 1969

    Default RE: Security of ASP code

    It is not possible to view the source of an ASP page unless the person is able to gain access to the folder/directory where the page is located on the server. Of course, you can permit directory browsing, but it&#039s not recommended. ASP pages are processed on the server, which means the client will never see anything but HTML.<BR><BR>

  3. #3
    Join Date
    Dec 1969

    Default RE: Security of ASP code

    I&#039m reaching way back in my brain for this so I don&#039t remember all the details. I read somewhere long ago that in an early version of IIS (1.0 or possibly BETA), someone discovered that there was something you could type after the ASP filename which caused the server to send the entire file without ever parsing out the ASP code. It was either some encoded symbol or they changed the file extension.... hmmmm, I don&#039t remember the details, but it shocked me at the time.<BR><BR>In any case, it was promptly fixed with a patch and remedied in the next version of IIS. As long as you use common sense with your directory permissions, no one should ever gain access to your ASP source code.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts