Security Basics mailing list archives

Re: Internal attacks on web application


From: "Greg Merideth" <gmerideth () ftnj net>
Date: Fri, 9 Jun 2006 23:08:21 -0400

.net web pages can be compiled into .dll's and placed on a webserver.
While it doesn't hide the HTML completely, being a .dll it cannot be
viewed across a web browser.

Also, .net applications can be written and compiled as a regular
windows library .dll, placed into the /bin folder and imported into
each page that needs to call the compiled methods.

There are methods that you can implement that would encrypt database
passwords in your web apps that I'm sure would work in both perl, .net
or whatever your favorite programming language is.

Applications such as zend optimizer can secure your php applications
or you can write your base code as a c# (or vb) app, compile to a .dll
and distribute that.

On 8 Jun 2006 16:33:07 -0000, krisleech () interkonect com
<krisleech () interkonect com> wrote:
We are moving some of our products from traditional client/server to web based applications. The problem is all languages 
aimed at building web apps are JIT compiled (interpreted) therefore you have to distribute source code or bytecode. 
Bytecode is easily reversed to code.

This leaves us with a problem, the application and data are open to internal attack. Firstly code can be injected (very 
easily in languages like ruby), encryption keys can be read, as well as database passwords.

We have looked at Java, .NET and Ruby, all have the same problem, they can not be compiled to native code.


Any suggestions would be very helpful.

Kris.




--

Greg Merideth
Forward Technology, LLC.
CTO & Other Wild Stuff
gmerideth () forwardtechnology net
866.432.7152 x 111
973.556.1069 Fax
PGP Fingerprint
D0FCCD39743A6ABF87470A87EDE382594968A60A
"10b|~10b" - Shakespeare
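
An added example, not part of the original thread and not code from either poster: one way to keep a database password out of plain-text configuration in a .NET web application, using the Windows DPAPI through `ProtectedData`. The class name, entropy string and connection string are constructed for illustration.

```csharp
// Added example (not from the original thread). Windows only; on .NET Framework,
// reference System.Security.dll. All names and sample values are constructed.
using System;
using System.Security.Cryptography;
using System.Text;

public static class ProtectedSetting
{
    // Hypothetical per-application entropy: it separates this app's blobs
    // from other DPAPI users on the machine. It is not a secret key.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-webapp-v1");

    // Encrypt with the machine's DPAPI key; store the result in the config file.
    public static string Protect(string plaintext)
    {
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(plaintext), Entropy, DataProtectionScope.LocalMachine);
        return Convert.ToBase64String(blob);
    }

    // Returns false instead of throwing when the blob was altered, or was
    // protected on another machine or with different entropy.
    public static bool TryUnprotect(string stored, out string plaintext)
    {
        plaintext = null;
        try
        {
            byte[] raw = ProtectedData.Unprotect(
                Convert.FromBase64String(stored), Entropy, DataProtectionScope.LocalMachine);
            plaintext = Encoding.UTF8.GetString(raw);
            return true;
        }
        catch (CryptographicException) { return false; }
        catch (FormatException) { return false; }
    }

    public static void Main()
    {
        // Constructed sample value, not a real credential.
        string conn = "Server=db01;Database=app;User Id=webapp;Password=constructed-example";
        string stored = Protect(conn);
        string back;
        Console.WriteLine("round trip ok: " + (TryUnprotect(stored, out back) && back == conn));
        // Flip one byte to show that a modified blob is rejected.
        byte[] tampered = Convert.FromBase64String(stored);
        tampered[tampered.Length - 1] ^= 0x01;
        Console.WriteLine("tampered accepted: " + TryUnprotect(Convert.ToBase64String(tampered), out back));
    }
}
```

With `LocalMachine` scope any process on that server can call `Unprotect`, so this protects copies of the configuration file (backups, source control, file shares) rather than the secret from code already running on the server.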

