Is there a way I can encode or protect my source code written in ASP...

I am selling an online store for a clients, and don't want thim to login through FTP to his server and download the source code.

if you don't want someone downloading your source code then why don't you just edit permissions so only certain users can view the files under FTP?

Yea, what Bullschmidt is about the best you can do with ASP... with PHP is better cuz instead of using lines you just separate it with a ; so you can optimize a whole script into 1 line (or a few) which makes it almost impossible to work with.

<edit> There's no components that can do that.

pmormr wrote: if you don't want someone downloading your source code then why don't you just edit permissions so only certain users can view the files under FTP?

I'm using Ensim Control Panel... no such an option

Bullschmidt wrote: Or you could use a code optimizer to remove things like comments and extra white space such as code indents.  That would make the resulting code rather hard to work with.

Yes.. I think this is a good way....

I will make his life  if he thought to read the code...

I will add some extra codes to camouflage...

I will add do some CDONTS function in certain pages notifing me if the system is used elsewhere...
i.e. If NOT Request.ServerVariable("HTTP_HOST") = "thedomain" THEN send me an email.

he won't steal it I think.. I am just taking precautions....

zMaestro wrote: I will add do some CDONTS function in certain pages notifing me if the system is used elsewhere... i.e. If NOT Request.ServerVariable("HTTP_HOST") = "thedomain" THEN send me an email. he won't steal it I think.. I am just taking precautions....

Crafty!

Script Encoder is a simple command-line tool that enables script designers to encode their final script so that Web hosts and Web clients cannot view or modify their source. Note that this encoding only prevents casual viewing of your code; it will not prevent the determined hacker from seeing what you've done and how.

Web designers use scripting on Web pages and server-side active server pages (.ASP) to add virtually every kind of feature you can imagine. In addition, scripting is used by the Windows® Scripting Host (WSH) and in a number of other applications with equally impressive results.

Up to now, one of the shortcomings of using scripts is that they afford no protection of the intellectual property contained within, nor do they provide any assurance that what users get is what you created. Clever algorithms and carefully designed scripts were always completely visible because they were stored as plain text. As a result, script users at every level could see the script designer's code and could then take it, modify it, and make it their own. Obviously, this is not good if you're trying to get an edge in a very competitive environment.

With the introduction of scriptlets, protecting the source code becomes even more important. Script designers want to use this simple component architecture, but they don't necessarily want to share their source code with the world. After a script is encoded, changing any part of the resulting file will render it inoperable, thus ensuring the absolute integrity of your encoded script.

http://msdn.microsoft.com/downloads/ - http://msdn.microsoft.com/downloads/

Good answer 3B but remember that a DETERMINED AND SAVVY person could try using something like this to unencode something generated by the Windows Script Encoder:

http://www.klaphek.nl/nr6/scrdec.html - http://www.klaphek.nl/nr6/scrdec.html

I guess DETERMINED AND SAVVY person is able to built his own stuff, instead of stealing someone else's code. However... you know, that you will never have 100% protection from anything

p.s. I guess my nick looks kinda weird... ok, it means "beast" in russian :)

Actually... let me develope my previous post - why do we need this protection. We just want to secure our future incomes from this client. This is our small insurance, that client will not hire someone for $8/hr to add something to application, or even modify it and sell to someone else. If he will need to unencode it he will need professional, who asks $50-100/hr, but in this case he can just call us back :)))

Personally, I think it is a complete waste of time to even bother trying. You don't have to be all that savvy or determined. For client side code protection, you only need to know how to use the javascript escape and unescape methods.

For the other stuff, even PHP is useless. Copy. Paste in text editor. replace ';' with ';[ CrLf ]'.

If you need to protect your code, you need a DLL or something like that. It needs to be compiled. Reverse engineering script languages is trivial. Binary takes a lot more work.

ASP.NET might offer a better solution.

Bluefrog, I tried it once with one of my clients - http://www.wheelchair.com - www.wheelchair.com and it worked just perfect without any DLLs. So, I guess since I use standard Microsoft encoding and site is running on Microsoft' ASP they use same program to unencode all scripts before executing them.

So, 2 things I know for sure - such thing as encoding exist and it works fine.

I'm just pretty skeptical of anything short of strong encryption. Anytime I'm bored put my mind to it, I've got whatever it is cracked in reasonable time (5 min ~ a day). But I don't bother with things that can't be cracked reasonably either.

I supposed it depends on who your clients are.