| Author |
 Topic Search  Topic Options
|
3BEPb 
Groupie
Joined: 07 August 2003
Location: United States
Status: Offline
Points: 81
|
 Post Options
 Thanks(0)
 Quote  Reply
 Posted: 26 September 2003 at 12:10am |
Microsoft® Scripting Technology - Microsoft® Script Encoder
Overview
|
|
Script Encoder is a simple command-line tool that enables script designers to encode their final script so that Web hosts and Web clients cannot view or modify their source. Note that this encoding only prevents casual viewing of your code; it will not prevent the determined hacker from seeing what you've done and how.
Web designers use scripting on Web pages and server-side active server pages (.ASP) to add virtually every kind of feature you can imagine. In addition, scripting is used by the Windows® Scripting Host (WSH) and in a number of other applications with equally impressive results.
Up to now, one of the shortcomings of using scripts is that they afford no protection of the intellectual property contained within, nor do they provide any assurance that what users get is what you created. Clever algorithms and carefully designed scripts were always completely visible because they were stored as plain text. As a result, script users at every level could see the script designer's code and could then take it, modify it, and make it their own. Obviously, this is not good if you're trying to get an edge in a very competitive environment.
With the introduction of scriptlets, protecting the source code becomes even more important. Script designers want to use this simple component architecture, but they don't necessarily want to share their source code with the world. After a script is encoded, changing any part of the resulting file will render it inoperable, thus ensuring the absolute integrity of your encoded script.
http://msdn.microsoft.com/downloads/
|
 |
3BEPb
Groupie
Joined: 07 August 2003
Location: United States
Status: Offline
Points: 81
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 September 2003 at 12:10am |
|
Actually, ref to my prev - that's what I'm using.
|
|
Bullschmidt
Groupie
Joined: 31 May 2003
Location: United States
Status: Offline
Points: 72
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 September 2003 at 12:21am |
Good answer 3B but remember that a DETERMINED AND SAVVY person could try using something like this to unencode something generated by the Windows Script Encoder:
http://www.klaphek.nl/nr6/scrdec.html
Edited by Bullschmidt
|
J. Paul Schmidt, Freelance ASP Web Developer
www.Bullschmidt.com
Classic ASP Design Tips, ASP Web Database Sample (Freely Downloadable)
|
|
3BEPb
Groupie
Joined: 07 August 2003
Location: United States
Status: Offline
Points: 81
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 September 2003 at 12:26am |
I guess DETERMINED AND SAVVY person is able to built his own stuff, instead of stealing someone else's code. However... you know, that you will never have 100% protection from anything 
p.s. I guess my nick looks kinda weird... ok, it means "beast" in russian :)
Edited by 3BEPb
|
|
3BEPb
Groupie
Joined: 07 August 2003
Location: United States
Status: Offline
Points: 81
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 September 2003 at 12:33am |
Actually... let me develope my previous post - why do we need this protection. We just want to secure our future incomes from this client. This is our small insurance, that client will not hire someone for $8/hr to add something to application, or even modify it and sell to someone else. If he will need to unencode it he will need professional, who asks $50-100/hr, but in this case he can just call us back :)))
|
|
Bluefrog
Senior Member
Joined: 23 October 2002
Location: Korea, South
Status: Offline
Points: 1701
|
Post Options
Thanks(0)
Quote Reply
Posted: 27 September 2003 at 9:42am |
Personally, I think it is a complete waste of time to even bother trying. You don't have to be all that savvy or determined. For client side code protection, you only need to know how to use the javascript escape and unescape methods.
For the other stuff, even PHP is useless. Copy. Paste in text editor. replace ';' with ';[ CrLf ]'.
If you need to protect your code, you need a DLL or something like that. It needs to be compiled. Reverse engineering script languages is trivial. Binary takes a lot more work.
ASP.NET might offer a better solution.
|
|
3BEPb
Groupie
Joined: 07 August 2003
Location: United States
Status: Offline
Points: 81
|
Post Options
Thanks(0)
Quote Reply
Posted: 28 September 2003 at 12:21am |
Bluefrog, I tried it once with one of my clients - www.wheelchair.com and it worked just perfect without any DLLs. So, I guess since I use standard Microsoft encoding and site is running on Microsoft' ASP they use same program to unencode all scripts before executing them.
So, 2 things I know for sure - such thing as encoding exist and it works fine.
|
|
Bluefrog
Senior Member
Joined: 23 October 2002
Location: Korea, South
Status: Offline
Points: 1701
|
Post Options
Thanks(0)
Quote Reply
Posted: 28 September 2003 at 6:38am |
I'm just pretty skeptical of anything short of strong encryption. Anytime I'm bored put my mind to it, I've got whatever it is cracked in reasonable time (5 min ~ a day). But I don't bother with things that can't be cracked reasonably either.
I supposed it depends on who your clients are.
|
|
|
|
