by Jeremy Broyles
One of the many benefits of ASP and server-side scripting is that only the results of your scripts are sent to the client. This makes it tougher for hackers to copy your site’s design by simply viewing the source on the client side.
If you’re using ASP, chances are you’re using #INCLUDE directives somewhere in your site. Includes make Web development more efficient by reducing the need for redundant code. However, they can also provide a roundabout way for a hacker to view the code behind your site.
For example, let’s say that most of your site’s server-side script is contained in the file myscript.inc. If a hacker typed in the URL www.yoursite.com/myscript.inc, the file’s contents would be displayed to the client as-is, revealing the source code for the scripts along with everything else.
A simple way to avoid giving away your ingenious scripts in this manner is to use the .ASP-naming convention with include files that contain server-side script. Then, even when the correct file is requested, the Active Server engine will process the script and send only the results to the client.
Drats! Foiled again!
Jeremy Broyles is Editor-in-Chief of Active Server Developer's Journal and Microsoft Web Builder, both publications of The Cobb Group.
Copyright © 1998 The Cobb Group, a division of Ziff-Davis Inc. The Cobb Group and The Cobb Group logo are trademarks of Ziff-Davis Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff-Davis is prohibited.