I hope this question is in the right forum...my question is I have a customer who wants to somehow encrypt or protect the asp files for his website. Not the rendered html/javascript, but rather from other admins viewing the vbscript code. Can anyone offer some insight or suggestions on approaching this? Thank you in advance!

I take it that the other admins have access to the server and the folder which the files are in?

yes, I suppose they would. Could he restrict access by windows login to the folder or file? I think this is one option, but is there another level of access or a different approach altogether? thanks.

If it is a remote server that they access via ftp, then they can change the user levels of the other admins and lock them out of a certain directory. This is providing that your client has the necessary admin level themselves.

beta,
i believe it is a local server, where the customer and other admins(the ones he wants to restrict access) are all on site. The asp files will be the virtual directory to the web world. His concern is that he does not want anyone(admins) checking out the vbscript coding, which grants paid users access to certain areas of the site. He suggested encrypting the asp, which I find kind of funny. Any thoughts?

I don't think that encrypting the files would be the right answer. Maybe they should think about just downloading a simple program that password protects folders.

beta,
that sounds like a better solution altogther. do you recommend any software package or program that protects folders via passwords or is this an option in windows os? thanks so much for your help!

There are plenty on downloads.com (http://www.download.com/3120-20_4-0.html?qt=password+folder&tg=dl-20&search.x=10&search.y=8).

thanks beta for all your help!

No problem :)

Originally posted by beta
I don't think that encrypting the files would be the right answer. Maybe they should think about just downloading a simple program that password protects folders. What is to stop someone with admin access from ending this program?

PeOfEo,
I checked out a couple of software packages and both of them say that you(admin) must have a password to uninstall the software. So the admin that installed it of course would have set up the password to begin with, also there is a master key that is tied to the registration # of the purchased product just in case.

Originally posted by mcrpds
PeOfEo,
I checked out a couple of software packages and both of them say that you(admin) must have a password to uninstall the software. So the admin that installed it of course would have set up the password to begin with, also there is a master key that is tied to the registration # of the purchased product just in case. Yes, but all processes running can be seen in task manager and ended there too. So if the program has to be running to protect the dir then the admin would be able to end the process and presto. I would say windows usr accounts would be the best way to secure a directory, but the administrator's account will be able to lord over them all (they can reset account passwords). Encryption of asp documents is not a viable solution, but maybe one bit of code or database contents. But if you want to encrypt some code you might need to use a two way encryption algorythm and I just think that if the admin wants to get in they can find your key and use your algorythm to decrypt the code anyway. However you can encrypt db contents like passwords with a one way algorythm and not have to worry.


I think your best option is to compile your source code into a dll.