How to encrypt ASP codes without using screnc.exe?

hi all,

Does anyone out there know how to encrypt the entire ASP file? That means when a person tries to view my ASP source code, it will display as rubbish.

Can't use Script Encoder (srcenc.exe) cause out there in the market exist a freeware Script Decoder (scrdec.exe) which can easily decode back the file to its original state.

Anyone? I would like it if you could provide some thoughts or guidance. Thanks a million.

if that encrypted file had to be run it would have to be recognized by ASP. there is only the one encrypting that i know of that is recognized by MS ASP.

how is this person viewing your ASP page?

thanks for your comment nopoints. my situation is like this.

i code html with vbscript to get the .asp file, so i want everything inside the <% , %> , <script> and </script> to be encoded into rubbish.

srcenc.exe from Microsoft supports this function perfectly.
that means who ever runs my ASP file thru internet, they can still view the page as normal. And who ever opens and reads my ASP source file, they will see it as rubbish text.

... but then there is this script called scrdec.exe which decodes everything back to its original state.

to answer your question, who ever gets hold of the asp source code.

e.g,
- if i host my ASP files on any web hosting company in the market, my ASP files would also be exposed to that hosting company, and they could probly decode it & change a bit of cosmetic layout and resell it as their own software. And this would be software piracy. That means it is useless if i copyright my software based on ASP technology.

I was just wondering if there is any other way to encrpyt or scramble the codes so that no one will ever read it except me WITHOUT using the screnc.exe?

to all you guys/gals who code asp and sell your software, how do you overcome this problem?

thanks again.

thanks unatratnag. i've already been to that site as well as other paying sites.

if i could come out with my own encryption, then it would be great. I guess if i have no choice, then i'll buy from them.

ahh, i see

well, i usually don't encrypt the files themselve and try them to be use, i just have "secure" servers so i don't have much expertise to help you out with encrypting with functionality.

I've never tried a web application before, but have you looked into creating a wrapper for your program, i've had success with this and some perl scripts. The only thing is that if you write your own encryption/decryption algorithm, that algorithm will be in plain sight and your hijackers will look into that algorithm and possibly come up with a crack. The only thing i can think of is if the decrypter ran with a passphrase, where you had to enter it which was also added into the encrypt algorithm, this defeats the purpose of a web application with annoymous browsing though, so it seems to be quite the fix......

I'm not exactly sure how you'd do this without purchasing a plan already in implementation since this alone is a pretty big project and it woudl be more expensive to create your own rather than purchase one, that's all i can think of.... good luck my friend.

you are right. if we publish our asp files in OUR own secure servers, then i wouldn't be having this problem. I am developing my own web applications (freelancing) based on asp and am selling out to customers.

And i wouldn't want the virtual web hosting or outside web hosting company to pry open and steal my code and resell them. It would really suck.

I guess it kinda makes sense to use the third party encryption method.

It's just a personal achievement thing, if can come up with own encrpytion, then it would be 100% my effort.

thanks again for your thoughts.

You're looking for a secure answer here. If there's a tested, proved, and marketable answer, i'd highly recommend going with that one. Investigate first so you know that it actually is a good product of course.

You have your typical choice. If you spent a lot of time programming your solution it would certainly be more expensive to you in terms of time money or grief. If you didn't spend much time one it, it's probably not be that secure. If this company sells their product with the sole purpose of encrypting/adding another layer of security to your programs, i'd be willing to pay the license fees over developing my own for both money and security reasons.

If you're doing this as a freelance prof, perhaps look into getting dedicated lines/dr servers? That or a service provider with better private policies. Plus if you CAN encrypt your programs should you choose to make your own or invest, you can gut the clients for source code fees But i guess that all depends on how good your contract is with the companies you're doing business with...

to unatratnag & whoever else is reading this,

i tried downloading the trial s/w suggested by unatratnag & tested it.

before encrypt :
on one 10kb asp file (153 lines)

after encrypt using their s/w :
my asp file became 15kb (245 lines)

tried opening the encrypted file, and i could NOT see any coding at all, totally blank except line numbers only. COOL!! only setback is the whooping 5kb of extra space. just imagine if you have 300 files per website project!!

anyway, just to let whoever is reading out there to know my findings. btw, i am not promoting them or their s/w, just to let u know my findings so that you guys don't have to go through the same procedure of downloading, installing and testing out.

Keep in mind 15k is what's stored on the server, <10k is what will be sent to the client after processing. There will be a performance hit with the translation but that's impossible to avoid.

Even if you are able to come out with own codes to encrypt the asp page to make the codes look like rubbish. I don't think it's possible for the browser to read it. I have tried it. Till now i still failed.

For me, i can't buy the software because my company doesn't want to. So by hook or by crook i must come out with something by the end of this month. Wish me luck guys.

hi unik,

i wish you all the very best.

Hello
If you are prepared to use a local server, you can use Dynamic-CD to encrypt ASP code. The product is designed to distribute ASP websites on CD, but you can use it locally also.
See http://www.dynamic-cd.com
JC

thanks for the info JC. will look into it.

um... this is my first post, but i just wanted to know if anyone could figure out this code [i dont know if it's encrypted or not]

(0)F121A1D1722772262FA121B32FF1B271A61B132EA2B393D355915211DE.(0)24313333
E383D3415381D1DF2A3C192CF382B29AD19F2C1F212D37357133115231F22303E3A3E222
E3B2F291F2330283C2E3E18.

if anyone can, thanx