Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: ASP security in HTML pages
From: Nasir Ghaznavi <nasirghaznavi () gmail com>
Date: Wed, 23 Jun 2004 05:20:26 +0500

On Tue, 22 Jun 2004 12:42:02 +0100, Bénoni MARTIN
<benoni.martin () libertis ga> wrote:

Hi list,

I have been googling around to know how secure can be ASP code, and I found what follows:
- For a newbee, impossible to get the asp scripts inserted in an HTML page as they are not displayed in the client's 
browser,

You dont Insert ASP in HTML page, you do the opposite, i.e., you
include the HTML code inside ASP page. The ASP part is never sent to
the browser, it is processed on the server, so its secure if you code
securely and server permissions are properly setup.
 
- Instead of just letting the ASP code in the HTML pages, we can create some DLLs for example, but a not-to-bad 
skilled hacker can get and reverse them.

If the DLL is executing on the server then i dont know how can a
hacker get them, if they are propoerly placed and security permissions
are setup correctly, btw you have to use some scripting language to
call the dll.
 
So, my question to you, skilled-people :) is: is there a way to get the asp scripts in a page the server does not 
send when a client's request arrives? There should be a way to ^perform that, but how tough is it?

The server never sends the ASP code to the client if it is properly configured.


Thanks in advance, folks!



Nasir Ghaznavi


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault