The application of disk ID in the ASP source anti-copy

Since the advent of ASP (Active Server Pages), ASP technology has been increasingly being used to create robust, easily maintainable, platform-independent applications.
The love of many network programmers, the use of ASP to engage in web development and more people. But the ASP is just a compiler-only script language that runs on the server, using
PlainText (plain text) way to write, even if the use of ASP encryption program to encrypt the ASP source code, it is not necessarily guaranteed to publish to the operating environment of the ASP should
Use the program not to be illegally copied. For highly privileged administrators, you can easily copy ASP programs from the server side to other unauthorized web sites. This gives the ASP
The application of commercialization has brought about some difficulties. How to effectively protect the developed ASP program, this article based on the randomness of disk serial number, combined with Microsoft's official free
Provides the ASP script encryption program SCRENC.EXE, solves this problem very well.

The disk serial number, referred to as the disk ID, is a randomly generated disk identification information when the disk is formatted, and is a volume serial number. Two times of the same machine format random
The same probability of producing a fixed-format serial number is almost zero, and the later version of DOS and Windows and Winnt all use this type of disk identification, so the disk sequence
is often used for use in commercial software for encryption. Switch from windows9.x to MS-DOS, type the dir command, and then enter, and the screen appears with the current volume label sequence
Number information, this "0A48-1CD7" serial number is a 16 binary number. Some software that is used for a limited period of time will require users to be online
Request a new Authorization serial number (use license). This authorization sequence number is quite part of the use of static disk serial number combination of time generated. After the installation is complete
Software, programs cannot be used even if they are illegally copied to a non-initial installation environment.

These ideas with VC, VB and Deliphi programming language are easy to achieve, then, in the ASP how to achieve it? VBScript as a robust, secure user
Language, which is limited by the client system, cannot handle the calls to the APIs on the client, or directly manipulate the files and the controls outside the file system on the client. Because
This paper uses VBScript and combines ASP built-in component filesystem to realize the above thought. The following procedures are modified slightly according to the situation and can be applied to the actual
ASP application System.

As an example, this paper uses Access database security mechanism, in practical application, can be used in other formats of data stored in the file. For the sake of elaboration, we first
Build an Access database Id.mdb (the password is "KXJ"), build a driveinfo table, the data structure is as follows:

ID (autonumber);
Serno (text, 12, disk serial number (10));
Wrimark (number, 1, write disk sign,).

Description

The Wrimark value of 0 means that the legal user does not have a system installed, and a value of 1 indicates that the system is installed. When the value is 1 and the serial number does not match the current disk, an illegal copy is determined
User.

When initialized, a new record is defined first, each field initial value is 1,12345678,0.

In the same directory, such as C:\INTERPUB\WWWROOT, place home default.asp, legal user home success.asp, illegal installation user Prompt page
Fail.htm and Id.mdb serial number repository.

Each ASP file is written as follows:

1, with FrontPage (or Notepad), a new ASP file Default.asp, input the following program code:

<title> Sample </title>
<% Dim conn,fs,f
Set conn = Server.CreateObject ("ADODB. Connection ")
Conn.Open "Driver={microsoft Access driver (*.mdb)};uid=;p wd=kxj;dbq=" &server.mappath ("Id.mdb")
Set Fs=server.createobject ("Scripting.FileSystemObject")
Testdrive=server.mappath ("/driveinfo.") ASP ")
' Get the current disk letter by MapPath
Testdrive=left (testdrive,3)
Set F=fs.getdrive (testdrive)
' Call the Getdrive method, giving the drive a variable
Mysql= "SELECT * from DriveInfo where id=1"
Set Rscheck = Server.CreateObject ("ADODB. Recordset ")
Rscheck.open mysql,conn,1,1
Fser=trim (F.serialnumber)
' Get Current disk serial number
Strserno=trim (Rscheck.fields ("Serno"))
Strmark=rscheck.fields ("Wrimark")
If Strserno <> fser and Strmark=0 Then
' If first installed, the write disk flag is 1
Session ("Pass") =true
' Define user session and set as global ASP document identification variable
Set rsmain = Server.CreateObject ("ADODB. Recordset ")
mysql1= "Update driveinfo SET serno=" &FSER& ", wrimark=1"
Rsmain.open mysql1,conn,1,2
Response.Write ("<a Href= ' success.asp ' >setup
successful! WELCOME to ACCESS the website! </a> ")
Set rsmain=nothing
Else
If Strserno=fser Then
' If legitimate users enter again legally
Session ("Pass") =true
Response.Write ("<a Href= ' success.asp ' >you ARE by the AUTHORIZED WEBSITE to ACCESS manager,welcome
> ")
Else
' Illegally copying users '
Session ("Pass") =false
Response.Write ("<a Href= ' fail.htm ' >it is illegal to COPY the WEBSITE ' S ASP DOCUMENT. ARE not RIGRT to
Use the program. </a> ")
End If
End If
Response.Write ("<br>")
Response.Write ("Volume serial number in drive" &testdrive)
Response.Write (F.serialnumber)
Response.Write ("<br>")
Response.Write ("Volume hex serial number in drive" &testdrive)
Response.Write (Hex (F.serialnumber))
Response.Write ("<br>")
' As a demo, this program lists the current disk serial number (16)
Set f=nothing
Set fs=nothing
%>

2, in the legitimate user can access the various ASP file headers, add the following code:

<% If session ("pass") =false Then
' Judge the session variable and jump out of the ASP file illegally
Response.Redirect ("fail.htm")
End If
%>

3, with the ASP encryption program (such as Microsoft's SCRENC.EXE, other ASP encryption program can also) on each ASP file encryption.

Run screnc-l VBScript source.asp destination.asp in DOS, that is, the source file source.asp generated a new
File destination.asp. Screnc. EXE can be downloaded at the Microsoft Company site (http://www.microsoft.com free).
The above program code is passed in Simplified Chinese NT4.0, IIS3.0 and Simplified Chinese PWIN9.8, PWS4.0.