Search : 
  Powered by FindinSite

ASP Documentation
• Introduction
• Getting started
• Dynamic-CD wizard
Passwords & Encryption
• Overview
• Example 1
• Example 2
• The script language
• Script examples
• Database scripts
Technical details
• Applications
• Built-in objects
• Character Encoding
• Cookies
• Database CDs
• Development tips
• FAQs
• Future developments
• Global.asa
• Network support
• Object registration
• Resources
• ScriptingContext
• Server-side includes
• Sessions
• Technical limits
Password protection and Encryption

Password protection
Pages can be password protected so that users have to enter a password before they can view the page.

Use Dynamic-CD-Wizard to password protect a page, a directory, or an entire directory path.

Because Dynamic-CD runs from a CD rather than over the Internet, all the pages it serves are located on the CD and could be examined by your customers. Dynamic-CD-Wizard encrypts password protected pages so that they cannot be viewed "off-line" when Dynamic-CD is not running.

Script files that contain sensitive information can also be encrypted by Dynamic-CD-Wizard so that they cannot be viewed directly. For example, a script file might contain a list of usernames and passwords. Once encrypted, only Dynamic-CD will be able to read the script.

The encryption process takes a source script file, say "myScript.asp", and produces an encrypted version in your CD image directory. The encrypted script file has the same name as the original, but is incomprehensible unless processed by Dynamic-CD.

For example,

Source file : myScript.asp CD image file : myScript.asp
Hello World
]]l-1É)'8Ω.+Xb^ ]EVQҫi0
njb^\C ..X X.{A0Ir^_(.wj=.cϟ g
.M'. vz}. [ޟs.UE&;h...|#&lѝ.woT

Dynamic-CD recognises encrypted script files and decrypts them automatically. This automatic decryption process takes place in memory and the original source script file is never seen by the user.

Dynamic-CD-wizard can be used to encrypt all ASP scripts so as to keep their contents hidden. This option is disabled in the evaluation version.

Protecting other files
The Dynamic-CD-Wizard can password-protect any file.

In practice, only files that would be requested by a browser, such as HTML pages and image files, should be password-protected by Dynamic-CD-Wizard. Files that are to be read directly by a script, for example, should not be password-protected in this way - the script would not be able to read them.

To protect a Microsoft ACCESS® database, for example, the database should be password-protected by the Microsoft ACCESS® database management system. When a script tries to open such a database, the script needs to supply the password.

For more information about using and protecting databases, click here : Database Support.

How secure is the Dynamic-CD encryption algorithm?
Dynamic-CD encryption is a version of the Vernam Cipher which "of all the methods of encryption ever devised, is the only one has been mathematically proven to be completely secure."

The Dynamic-CD encryption algorithm is a simplified version of the Vernam Cipher that has been chosen for speed and size. The degree of security provided is adequate for most normal purposes and cannot be broken by anyone other than a very determined cryptologist.

To confirm the degree of encryption, try zipping up a file that has been encrypted by Dynamic-CD. The compression achieved is typically zero, indicating that the file is truly random. For example, a typical 4 mega byte MS WORD® .doc file can normally be 90% compressed by WinZip. After encryption by Dynamic-CD, the compression achieved by WinZip is 0% - that is, it cannot be compressed and hence is random.

A future version of Dynamic-CD will provide a full version of the Vernam Cipher (and a prime number factor encryption algorithm for those that consider this to be secure).

© Copyright 2000-2007 PHD Computer Consultants Ltd