IIS Development

IisDev

>  Home
>  News

 

Articles

>  Code Samples
>  ASP.NET
>  Security

 

Components & Tools

>  Free Components

 

Service

>  Links
>  Contact us

Security Articles

MS Script Encoder Decoded
In the article Obfuscating ASP Scripts I demonstrated how ASP scripts can be rendered unreadable by means of the MS Script Encoder. I also said that this will only work as a defense against the average user, but not against a determined attacker who really wants to get at the source code. To emphasize this warning, today I will present a tool for inverting this code obfuscation.

Trap Alert: Files that aren't
As a matter of fact, everybody ought to be familiar with the FileSystemObject - it is used for reading and writing files as well as for certain important operations (e.g. deleting) on files and directories. However, it is little known what Windows (NT/2000) actually considers to be a file - this goes well beyond files residing on disk drives.

Limiting Component Use
Anybody operating more than one site per server - and this concerns not only ISPs - will possibly confront the situation where a component installed on the server is supposed to be accessible by certain Web sites only. The reason for this is that either the customer paying for it is supposed to be the only one to use it (and not by other web sites coincidentally running on the same server) or that certain components are security sensitive (e.g. business logic components).

Unbreakable Encryption Using One Time Pads
In the aftermath of the terrorist attacks on the World Trade Center the debate on the role of encryption technologies in terrorist communications has - yet again - heated up. Focal point in these discussions always is the use of backdoors in encryption algorithms by government agencies - i.e. how agencies can listen in on communication without the consent of the (encrypting) parties involved.

 

©1998-2018 Christoph Wille. All rights reserved.
All content and images on this site are copyright. Reuse (even parts) needs our written consent.