StarDestroyer.Net BBS

As the subject suggests I want to encrypt my aspx pages on a website I've recently developed.
Naturally because I've spent a large chunk of my time working the site out I don't want some lazy bastard who can't be arsed to take the time to figure out how to do it himself to steal my code.

I have looked at HtmlProtector, and whilst it encrypts the html sections it does not work on the asp sections of the pages.

Could someone please suggest a program that will allow me to encrypt the source code.

Thanks in advance for any suggestions.

Google'd 'encrypt ASPX', these links should help somewhat.
Link 1 & Link2.

Um... what's the point? It's not as if a person accessing the page will be able to see the source code, because it gets compiled when the page is first accessed. To actually see your source, they'd need ftp access or similar to be able to get the asp page itself, which they should be able to get.

Mr CorSec wrote:As the subject suggests I want to encrypt my aspx pages on a website I've recently developed.
Naturally because I've spent a large chunk of my time working the site out I don't want some lazy bastard who can't be arsed to take the time to figure out how to do it himself to steal my code.

I'm confused. If your server is working write, your users should never be able to see your ASPX source code.

When someone requests an ASPX page, the server runs a routine that builds an HTML page to your specifications and sends that; the original ASPX code never gets sent to the user's browser.

Ted C wrote:

Mr CorSec wrote:As the subject suggests I want to encrypt my aspx pages on a website I've recently developed.
Naturally because I've spent a large chunk of my time working the site out I don't want some lazy bastard who can't be arsed to take the time to figure out how to do it himself to steal my code.

I'm confused. If your server is working write, your users should never be able to see your ASPX source code.

When someone requests an ASPX page, the server runs a routine that builds an HTML page to your specifications and sends that; the original ASPX code never gets sent to the user's browser.

My primary concern is that someone might decide to reverse engineer the code somehow.

Mr CorSec wrote:

Ted C wrote:

Mr CorSec wrote:As the subject suggests I want to encrypt my aspx pages on a website I've recently developed.
Naturally because I've spent a large chunk of my time working the site out I don't want some lazy bastard who can't be arsed to take the time to figure out how to do it himself to steal my code.

I'm confused. If your server is working write, your users should never be able to see your ASPX source code.

When someone requests an ASPX page, the server runs a routine that builds an HTML page to your specifications and sends that; the original ASPX code never gets sent to the user's browser.

My primary concern is that someone might decide to reverse engineer the code somehow.

Is it really that valuable to you? It's not like plain HTML (or ASP) hasn't been done elsewhere. As said above, the actual ASP code stays on the server and never leaves in any form, only the stuff it generates (the HTML). Unless your app is thousands of lines long and/or does something valuable/unique, it's not worth protecting (and this is your ASP which never leaves the server in the first place).

If you're silly enough to bother encrypting the generated HTML, there is stuff that will do it for you w/ javascript, but it can be trivially cracked (since the browser has to see it), and you'll really cut down your compatibility.

Since you need someone to explain these things to you, it's doubtful it's worth hiding.

Your code is almost certainly not worth the effort of reverse engineering, even if they could get something other than the output.

Thanks for the comments guys, I have since beaten the person responsible for suggesting this round the head repeatidly. (Thats what I get for starting a IT company with my father)

While someone might be able to reverse-engineer the HTML to figure out what ASP.NET tags you used, it would be pretty near impossible for them to figure out the underlying logic that manipulates your data.

When you get down to it, a certain amount of code-copying is impossible to prevent when you put a page on the internet, and there's probably nothing so special about your ASP.NET code that it's worth protecting.

Nonetheless, you can put a copyright disclaimer in your template to discourage casual copying, if you so desire.

If you really want to, there is an alternate project definition (which you can download from Microsoft) that will compile the project into a set of DLLs only and also build a deployment MSI file. No source will have to exist on your servers at all.

That said, someone could potentially grab the DLLs and then use a program like Reflector to inspect it, but that's a bit overkill.