Norbert
|
| Posted: 01/30/2006, 8:56 AM |
|
I am about to develop application in asp or asp.net (not decided yet). I would like to protect source code of this application.
For PHP I am using ioncube encoder, and I would love finding tool like that for asp/asp.net
Do you know (and tested maybe) any tool that could be helpful for asp environment?
Thank you in advance
Best regards
Norbert
|
|
|
 |
Benjamin Krajmalnik
|
| Posted: 01/31/2006, 6:38 PM |
|
There are many "ASP encryptors" out there who advertise.
Don't buy any of them. They are not encrypting.
Essentially, they are using the Microsoft encoder.
If you decide to go this route let me know. I have a simple process nd
batch file to encode the files.
What I do is the following:
1. Move all asp fikles to a directory called "preencoded"
this diretcory has a ssundirectory called "encoded"
2. The batch file encodes all of the files from preencoded into encoded.
Different files need to be encoded with different settings or else the pages
will not run.
|
|
|
|
Marcus
Posts: 49
|
| Posted: 02/01/2006, 12:51 PM |
|
Ben,
can you send us a short example of the input/output ? I too would not want to share my ASP scripts with the world. Using php is not an option.
|
 |
|
Benjamin Krajmalnik
|
| Posted: 02/01/2006, 1:13 PM |
|
My directory looks as follows:
Application
preencoded
encoded
The following batch file resides in the preencoded directory:
screnc *.asp .\Encoded
screnc -xl *_events.asp .\Encoded
screnc -xl Header.asp .\Encoded\Header.asp
screnc -xl Footer.asp .\Encoded\Footer.asp
screnc -xl tp?config.asp .\Encoded\tp?config.asp
screnc -xl tsp*.asp .\Encoded\
screnc -xl Navigator.asp .\Encoded\Navigator.asp
screnc -xl Common.asp .\Encoded\Common.asp
screnc -xl Classes.asp .\Encoded\Classes.asp
screnc -xl Cache.asp .\Encoded\Cache.asp
screnc -xl Adovbs.asp .\Encoded\Adovbs.asp
screnc -xl Template.asp .\Encoded\Template.asp
screnc -xl Sorter.asp .\Encoded\Sorter.asp
The script first encodes all files using the standard method (which adds a
VBScript.Encoded header). However, each page call can only have one of
these. As a result, I go on and issue a call to reencode all of the
includable pages with the -xl switch so thay can be loaded from within the
main script page.
It uses the Microsoft Script encoder. Just be aware that this is not bullet
proof. The savvy end user will be able to unencode without much trouble
using available decoders.
There is really no solution to encrypt ASP. I was working with a guy out of
Ireland who has a true encryptor, but it requires registration of a server
side component, and it was just too slow.
If you are very conerned about your IP, then you may want to look at using
ASP.Net, since the generated cose is essentially p-code which, even if
decoded, will not reveal the source (althugh it can be used for reverse
engineering).
All of my new projects are now PHP using the ioncube encoder. However, they
will not be out to marker for a while. My existing line of products will
not be ported to PHP - at least not in the foreseeable future :)
|
|
|
|
Vasiliy
Posts: 378
|
| Posted: 02/01/2006, 3:12 PM |
|
Thanks Benjamin for a valuable solution.
Btw, I thought you mostly use ASP. Why did you change to PHP?
Vasiliy.
P.S.:
I'm still working on data export and form save/resore at spare time.
Hope result will be next week.
_________________
Vasiliy |
|
|
|
Benjamin Krajmalnik
|
| Posted: 02/06/2006, 1:10 PM |
|
Long story.
Our first set of products is a complement to a Windows CRM package running
on SQL Server 2000. Since the infrastructure was a Windows infrastructure,
and we did not feel like supporting installing PHP and everything that goes
along with that we decided to develop in ASP. After I was aout 80% done I
decided to move to .Net, but hit a few roadblocks in the .Net architecture -
specifically inability to retrieve a column value from the recordset without
a control in place in the grid, and since I could not control the order of
the control creation it caused some problems.
I like PHP much more than ASP. It is a very complete language. For
example, we wrote some PHP wrappers around the InfoSoft Global graphing
objects, as well as a few other custom classes. Writing them in PHP was a
pleasure due to the richness of the language. Porting them tp ASP was a
real pain.
Our new project (a web based front end to our network monitoring solution)
is being written in PHP. Backend is PostgreSQL. I migrated it from SQL
Server. In addition to the richness of PHP vis-a-vis ASP, another reason is
the ability to better protect my intellectual property. Code protection
with ionCube's encoder is much stronger than the solution I posted for ASP.
It takes me 2 secomnds to unencode any ASP program (or encrypted SQL Server
dtored procedure for that matter), since they are using a known key. There
are plenty of tools out there. Whoever wants access to my ASP code can get
it. My php code, well, that is another matter altogether.
On another note, if you need to support internatinoalized applications where
the SQL Server uses locales you may want to look at a post I made in the
tips and solutions. Required a few mods to the base classes and the
datepicker.js. The way I handle it is I templatized datepicker.js, store it
in a TPS blob, and then do a search/replace for tokens to insert the correct
value as per the backend SQL server.
|
|
|
|
Walter Kempees
|
| Posted: 02/06/2006, 1:22 PM |
|
B,
On PhP and securing the source, any comments on Zend offering both tight
encryption and performance optimalization?
If new to you, you first heard it here !
W
"Benjamin Krajmalnik" <kraj@illumen.com> schreef in bericht
news:ds8e0v$p85$1@news.codecharge.com...
> Long story.
>
> Our first set of products is a complement to a Windows CRM package running
> on SQL Server 2000. Since the infrastructure was a Windows
> infrastructure,
> and we did not feel like supporting installing PHP and everything that
> goes
> along with that we decided to develop in ASP. After I was aout 80% done I
> decided to move to .Net, but hit a few roadblocks in the .Net
> architecture -
> specifically inability to retrieve a column value from the recordset
> without
> a control in place in the grid, and since I could not control the order of
> the control creation it caused some problems.
>
> I like PHP much more than ASP. It is a very complete language. For
> example, we wrote some PHP wrappers around the InfoSoft Global graphing
> objects, as well as a few other custom classes. Writing them in PHP was a
> pleasure due to the richness of the language. Porting them tp ASP was a
> real pain.
>
> Our new project (a web based front end to our network monitoring solution)
> is being written in PHP. Backend is PostgreSQL. I migrated it from SQL
> Server. In addition to the richness of PHP vis-a-vis ASP, another reason
> is
> the ability to better protect my intellectual property. Code protection
> with ionCube's encoder is much stronger than the solution I posted for
> ASP.
> It takes me 2 secomnds to unencode any ASP program (or encrypted SQL
> Server
> dtored procedure for that matter), since they are using a known key.
> There
> are plenty of tools out there. Whoever wants access to my ASP code can
> get
> it. My php code, well, that is another matter altogether.
>
> On another note, if you need to support internatinoalized applications
> where
> the SQL Server uses locales you may want to look at a post I made in the
> tips and solutions. Required a few mods to the base classes and the
> datepicker.js. The way I handle it is I templatized datepicker.js, store
> it
> in a TPS blob, and then do a search/replace for tokens to insert the
> correct
> value as per the backend SQL server.
>
>
|
|
|
|
Benjamin Krajmalnik
|
| Posted: 02/06/2006, 8:09 PM |
|
I looked at Zend's offerings before going the ionCube route.
Pricing for ionCube was better, and I have only heard good things about it.
I believe ionCube encoded files work with Zend Optimizer as well.
BTW, you may want to take a look at PostgreSQL.
I have been porting a monitoring application from SQL Server to PostgreSQL
and I am really liking the features of PostrgreSQL. If you want more
particulars let me know via private e-mail, but its feature set is really
great.
|
|
|
|
Walter Kempees
|
| Posted: 02/07/2006, 2:52 AM |
|
PSQL known and used.
MySQL catching up fast.
But both are appreciated by me as being stable solid and strong.
Mind you in my working life I had to Oracle everything in Client/Server
environs
grtz
"Benjamin Krajmalnik" <kraj@illumen.com> schreef in bericht
news:ds96im$eup$1@news.codecharge.com...
>I looked at Zend's offerings before going the ionCube route.
> Pricing for ionCube was better, and I have only heard good things about
> it.
>
> I believe ionCube encoded files work with Zend Optimizer as well.
>
> BTW, you may want to take a look at PostgreSQL.
> I have been porting a monitoring application from SQL Server to PostgreSQL
> and I am really liking the features of PostrgreSQL. If you want more
> particulars let me know via private e-mail, but its feature set is really
> great.
>
>
|
|
|
|
Walter Kempees
|
| Posted: 02/07/2006, 3:18 AM |
|
sorry, MySQL catching up fast, I meant MySQL is catching up fast with PSQL's
fucntionality.
"Walter Kempees" <kempe819@planet.nl> schreef in bericht
news:ds9u62$qat$1@news.codecharge.com...
> PSQL known and used.
> MySQL catching up fast.
> But both are appreciated by me as being stable solid and strong.
> Mind you in my working life I had to Oracle everything in Client/Server
> environs
>
> grtz
>
> "Benjamin Krajmalnik" <kraj@illumen.com> schreef in bericht
>news:ds96im$eup$1@news.codecharge.com...
>>I looked at Zend's offerings before going the ionCube route.
>> Pricing for ionCube was better, and I have only heard good things about
>> it.
>>
>> I believe ionCube encoded files work with Zend Optimizer as well.
>>
>> BTW, you may want to take a look at PostgreSQL.
>> I have been porting a monitoring application from SQL Server to
>> PostgreSQL
>> and I am really liking the features of PostrgreSQL. If you want more
>> particulars let me know via private e-mail, but its feature set is really
>> great.
>>
>>
>
>
|
|
|
|
Benjamin Krajmalnik
|
| Posted: 02/07/2006, 4:44 PM |
|
My main concern with MySQL is that InnoDB is now owned by Oracle.
So, Oracle pretty mcuh now has MySQL by the you know what :)
With PostgreSQL, I really like the fact that you can have arrays, their
"network" data types, and just yuesterday I discovered their "Record"
structure, which is essentially a dynamic buffer to hold the contents of any
select.
Came in really handy for our new application (a web based front end to our
network monitoring solution, where I call a stored procedure which performs
real time aggregation and data roll-ups). Arrays came in super handy on
this one :)
|
|
|
|
Walter Kempees
|
| Posted: 02/07/2006, 4:49 PM |
|
B,
Hey I said I did Oracle for a long time so now Oracle does others 
No really MySQL strong team, good product.
But I agree on PSQL's advanced abilities, no argument there.
Even on my development server (small old boy) bot function with speed.
But as I do a lot of commercial stuff and almost all Hosting accounts
include MySQL most is done that way.
But your choices sound solid enough.
We are off topic though, sorry world.
W
"Benjamin Krajmalnik" <kraj@illumen.com> schreef in bericht
news:dsbetb$kdb$1@news.codecharge.com...
> My main concern with MySQL is that InnoDB is now owned by Oracle.
> So, Oracle pretty mcuh now has MySQL by the you know what :)
>
> With PostgreSQL, I really like the fact that you can have arrays, their
> "network" data types, and just yuesterday I discovered their "Record"
> structure, which is essentially a dynamic buffer to hold the contents of
> any
> select.
> Came in really handy for our new application (a web based front end to our
> network monitoring solution, where I call a stored procedure which
> performs
> real time aggregation and data roll-ups). Arrays came in super handy on
> this one :)
>
>
|
|
|
|
boris
Posts: 14
|
| Posted: 05/31/2006, 4:57 PM |
|
Benjamin,
I've been reading this post with interest and was wondering if you could shed some more light on what you wrote.
Quote :It takes me 2 secomnds to unencode any ASP program (or encrypted SQL Server
Do you mean you could view the ASP Source Code (the stuff inside the <%.....%>) of a page? I thought that all that code was processed on the server and wouldn't be seen by the user.
Is there a way a user could view that code and steal it if they wanted to?
|
|
|
|
Edd
Posts: 547
|
| Posted: 06/01/2006, 7:14 PM |
|
Boris,
Another alternative is to compile your code - See:
http://www.intorel.com/Products/ActiveSiteCompiler/overview.asp
Their demonstration, the last time I tried it, used a CodeCharge based project as their base. They, seem to have their act together and I don't think the pricing is too bad for commercial relality.
Edd
_________________
Accepting and instigating change are life's challenges.
http://www.syntech.com.au |
|
|
|
|
