A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.
I am writing a piece of software in ASP and I make extensive use of includes in my software. Before I make a release, I was thinking I should copy the contents of each include into the body of the ASP page so that I no longer have includes in the release version.
The end result then is to encode the ASP page so that it isn't easily readable.
Do you think there is any value to copying the includes in or should I just leave them the way they are?
You should ship the software in a form that you're prepared to maintain.
What I mean is, inevitably, something is going to go wrong. The line number in the error message may very well be the most useful piece of information that the customer can give you. However, that line number will apply to the obfuscated version that you sent the customer, rather than your pristine source. You'd better be prepared to debug the obfuscated version directly.
IMHO removing the includes will make your program less maintainable. It'll also bloat the initial download and any patches which you send to customers.
Quite honestly, this sort of thing always comes across to me as amateurish. If you're concerned about clients viewing your code, write the critical parts as ActiveX components in some compiled language.
Sunday, April 10, 2005
If you're going to build some sort of automated tool to do this to obfuscate things, don't bother. All of your files are going to be bloated and once you have to support/fix a live version (for a respectable surcharge of course) it's going to be a nightmare.
Monday, April 11, 2005
Actually I think that includes make it slightly hard to crack other people's code, so I'd leave it in.
One thing I do sometimes (although nearly all of my stuff is hosted on my own webserver) is run some stuff though encoding functions I've written (so for instance, on one I encrypted the database strings, not hard to get around, but enough to stop the casual user)
Tuesday, April 12, 2005
With your include files, make sure the file extension is .asp NOT .inc (As microsoft suggests). Most internet hosts don't have .inc registered as an asp file, and so they can be viewed like any other text file (and therefore all your database connection details are visible too...).
If the extension is .asp, then the server will try and interpret it as an asp file, and a blank page is all that will result from looking for it.
I realise this is something many people know, but it ensures that your includes can't be easily opened by just putting the URL into the browser directly.
You people are going to be really pissed if Micrsosoft builds decent refactoring tools into Visual Studio for ASP. Or maybe they'll work out how to prevent bad hackers from using tools that are ideal for defeating obfuscators. :)
Monday, April 25, 2005
This topic is archived. No further replies will be accepted.Other recent topics
Powered by FogBugz