ASP Works Protection scheme

Source: Internet
Author: User
Tags access database security mysql trim access database client
Since the advent of ASP (Active Server Pages), ASP technology has been popular with more and more network programmers as it can create robust, maintainable, platform-independent applications, and more people are using ASP for Web development. But the ASP is only one kind of not compile, runs in the server side script language, uses the clear text (plain text) way to write, even if uses the ASP encryption program to encrypt the ASP source code, also may not guarantee that publishes to the running environment the ASP application does not have the illegal copy. For highly privileged administrators, you can easily copy ASP programs from the server side to other unauthorized web sites. This brings some difficulties to the application commercialization of ASP. How to effectively protect the developed ASP program, this paper based on the randomness of disk serial number, combined with Microsoft's official free ASP script Encryption program SCRENC.EXE, a good solution to this problem.
The disk serial number, referred to as the disk ID, is a randomly generated disk identification information when the disk is formatted, and is a volume serial number. Two times the same machine format randomly generated serial number of fixed format the same probability is almost zero, the later version of DOS and Windows, Winnt Use this disk identification, so the disk serial number is often used for commercial software for encryption. Switch from windows9.x to MS-DOS, type the dir command to return to, the screen appears the current volume label serial number information, this similar "0A48-1CD7" serial number is a 16 binary number. Some software that uses deadlines will require users to request a new license serial number (use license) online after the expiration date. This authorization sequence number is quite part of the use of static disk serial number combination of time generated. After installing the software, the program can not be used even if it is illegally copied to a non-initial installation environment.

These ideas with VC, VB and Deliphi programming language are easy to achieve, then, in the ASP how to achieve it? VBScript, as a robust, secure user language, is limited by the client system, cannot handle the API calls on the client, or directly manipulate the files and other controls on the client. So this paper uses VBScript and combines ASP built-in component filesystem to realize the above thought. The following procedures can be applied to the actual ASP application system according to the specific situation.

As an example, this paper uses Access database security mechanism, in practical application, can be used in other formats of data stored in the file. To facilitate elaboration, we first built an Access database Id.mdb (the password is "KXJ"), built a driveinfo table, the data structure is as follows:

ID (autonumber);
Serno (text, 12, disk serial number (10));
Wrimark (number, 1, write disk sign,).


Description

The Wrimark value of 0 means that the legal user does not have a system installed, and a value of 1 indicates that the system is installed. When the value is 1 and the serial number does not match the current disk, the user is determined to be illegally copied.

When initialized, a new record is defined first, each field initial value is 1,12345678,0.

In the same directory, such as C:\INTERPUB\WWWROOT, place home default.asp, legal user home success.asp, illegal installation user prompts page fail.htm and Id.mdb serial number repository.

Each ASP file is written as follows:

1, with FrontPage (or Notepad), a new ASP file Default.asp, input the following program code:

<title> Sample </title>
<% Dim conn,fs,f
Set conn = Server.CreateObject ("ADODB. Connection ")
Conn.Open "Driver={microsoft Access driver (*.mdb)};uid=;p wd=kxj;dbq=" &server.mappath ("Id.mdb")
Set Fs=server.createobject ("Scripting.FileSystemObject")
Testdrive=server.mappath ("/driveinfo.") ASP ")
' Get the current disk letter by MapPath
Testdrive=left (testdrive,3)
Set F=fs.getdrive (testdrive)
' Call the Getdrive method, giving the drive a variable
Mysql= "SELECT * from DriveInfo where id=1"
Set Rscheck = Server.CreateObject ("ADODB. Recordset ")
Rscheck.open mysql,conn,1,1
Fser=trim (F.serialnumber)
' Get Current disk serial number
Strserno=trim (Rscheck.fields ("Serno"))
Strmark=rscheck.fields ("Wrimark")
If Strserno <> fser and Strmark=0 Then
' If first installed, the write disk flag is 1
Session ("Pass") =true
' Define user session and set as global ASP document identification variable
Set rsmain = Server.CreateObject ("ADODB. Recordset ")
mysql1= "Update driveinfo SET serno=" &FSER& ", wrimark=1"
Rsmain.open mysql1,conn,1,2
Response.Write ("<a Href= ' success.asp ' >setup
successful! WELCOME to ACCESS the website! </a> ")
Set rsmain=nothing
Else
If Strserno=fser Then
' If legitimate users enter again legally
Session ("Pass") =true
Response.Write ("<a Href= ' success.asp ' >you ARE by the AUTHORIZED WEBSITE to ACCESS! </a>")
Else
' Illegally copying users '
Session ("Pass") =false
Response.Write ("<a Href= ' fail.htm ' >it is illegal to COPY the WEBSITE ' S ASP DOCUMENT. You are ARE not RIGRT to use the program. </a> ")
End If
End If
Response.Write ("<br>")
Response.Write ("Volume serial number in drive" &testdrive)
Response.Write (F.serialnumber)
Response.Write ("<br>")
Response.Write ("Volume hex serial number in drive" &testdrive)
Response.Write (Hex (F.serialnumber))
Response.Write ("<br>")
' As a demo, this program lists the current disk serial number (16)
Set f=nothing
Set fs=nothing
%>


2, in the legitimate user can access the various ASP file headers, add the following code:

<% If session ("pass") =false Then
' Judge the session variable and jump out of the ASP file illegally
Response.Redirect ("fail.htm")
End If
%>


3, with the ASP encryption program (such as Microsoft's SCRENC.EXE, other ASP encryption program can also) on each ASP file encryption.

Running screnc-l VBScript source.asp destination.asp in DOS means that the source file source.asp generates a new file destination.asp containing ciphertext ASP scripts. Screnc. EXE can be downloaded at the Microsoft Company site (http://www.microsoft.com free).
The above program code is passed in Simplified Chinese NT4.0, IIS3.0 and Simplified Chinese PWIN9.8, PWS4.0.



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.