I have encrypted my ASP File. But when i run it in browser it fails. How to execute that asp file so that my application could run ?
how to decrypt it, it is encrypted using a tool , how do I decrypt it while execution ? I don't want that anybody whom I give that file , sees the code of the file , but could only execute it and use it.
Ah, I think I understand:
ASPEncrypt is a component you can use to encrypt files using ASP or ASP.NET. It is NOT a tool to encrypt your ASP(.NET) source code files with.
You're looking for something like Microsoft script encoder (I don't know if it's still available), you want your sourcecode to be unreadable right?
There are tools that claim to do this, but there isn't one I know of that can't be reversed. So it's only a small obstacle if someone really wants to get their hands on your code.
Here are some more tools that claim to do this.
I hope one of them suits your needs.
Related
I saw this question:
ASP.NET File Upload: how can I make sure that an uploaded file is really a JPEG?
and similar questions about being sure of the file being uploaded through asp:FileUpload control in ASP.net is really image. But What If users upload virus-infected images? How can I be insured of the image files being uploaded via my ASP.net application does not affect the files in my web app folder and/or images uploaded by other users?
As long as you don't serve it back to anyone as anything other than an image (content-type) and never trying to execute (.exe) the file you'll be fine.
Most anti-virus software run whats known as an "on-access scan". That is, when a file is changed, it automatically scans that file.
So save that file to the file system and let your server's anti-virus software do the work for you.
I'll take what is likely a somewhat controversial position.
There is no way to know with 100% certainty what the intent of a file is, be it good or evil. It is impossible. AV scanners give you a slice of data but they can't give you 100% guarantees either. No one can.
Given this reality, you need to build your app assuming that all files uploaded are bad. Yes, scanning is still fine and will filter out a bunch of stuff. But it will never be 100%. Is it 99.999% or 20%? Who knows. Does it really matter?
I would build any app today assuming that all user supplied content is bad. Very bad. Hostile bad. Because eventually it will be if you make it. And when it is, you'll be ready for them...rather than all the people that have to rearchitect their app because they made bad assumptions early on.
With a bit more data about your exact concerns, I'd be happy to comment on them more specifically...
As a side note, In older version of IIS (6 or prior versions) It could be possible to change FileName to the real malicious file name after save the file with original filename. Which has possibility to be read and execute regularly by the server.
E.G. set the file name like: file.asp;.jpg or file.asp%00.jpg etc...
It also has a possibility to change target directory by manipulation of file name. Which is extremely dangerous
E.G. newfolder.asp::$Index_Allocation or etc...
There is also some new way of attacks. Read more here.
I have written a simple ASP.NET MVC 2 application that stores data and can dynamically create excel files using Microsoft's openXML for excel files.
What is the best way to push changes the user makes in excel to my database? I know it can be done via file upload, but this is rather obtrusive to the end user to navigate to my site, select upload, and then select their file.
Is there a way to do 1 click publishing from the excel file using VBA? VBA can interact with the database directly, but this seems dangerous from a data security standpoint, and duplication of logic.
Do web services work with the MVC architecture? How do I get a vba macro enabled document to send itself to the server?
For anyone out there looking for a fix, I ended up using vba's InternetExplorer.Application object and interacting with an upload form on my site.
For more info on the upload form check out:
http://haacked.com/archive/2010/07/16/uploading-files-with-aspnetmvc.aspx
For more info on VBA and the InternetExplorer.Application object check out:
www.motobit.com/tips/detpg_uploadvbaie/
You might take a look at Sql server integration services for bulk upload of data into sql server. The integration services once created can be run using a normal c# desktop program or using a windows service.
But you might
need to make sure this happens in the background and will have to be
an asynchronous task.
also need to make sure it is properly secured
by not giving direct execute access to any other users
I'm assuming that this is for a specific user. I've done something very similar to what you are describing before.
Tell the user to save the excel file in their DropBox and share the file with you.
Have the server listen for changes to this file and run a server side routine to import the data.
Disclaimer: This is not a secure solution, but it's easy and will get the job done.
I had seen the answers of the questions related to mine .But still I am not sure how to store the user information taken from Qt dialogue box on file and then encrypt it ,so that no one else can read it .The other thing is that how to match the password and user name which is pre-specified in the file I had encrypted earlier..
if i understand you correctly, you just want to make an application that asks for authentication at application start-up, correct?
If that is the case, it is easy. The basic steps are as follows.
Keep the username and password in a file (since Unix does not have a registry). The file does not need to be encrypted at all (plain text will do). You can use xml for this. The data (text) in the xml file however that you write (the data... not the tags) should be written such that the strings that you write into the file are encrypted using a hash. Just look up hashing in C++ (SHA, MD5, etc). The decription/encrytion key can be hard coded in you application.
Then for the application logic. The first thing you show the user is the login window. If they fail loop it or exit application. Basically only when correct authentication info is provided you kill the login windows and kick-start the main application window.
Perhaps you should take a look at the QCA examples.
They have some nice examples of how-to use crypto in similar situations.
QCA is not standard in Qt but can be added on all platforms.
I have a .ddb file that is used as a telephone directory for an application written in flash/VB.net (i guess). The problem is that the application is crashing and my only was to access the application is through the mysterious (*.ddb) file (99% of the application size.)
The application contains an also mysterious dll (NK_SQLite.dll).
So far I have tried:
SQLite Browser
tried opening the file in PL/SQL
tried opening the file in SQL Server
Any ideas about how to solve this issue,
Is it possible that the DDB extension is misleading? Have you tried opening it as a CAB or ZIP file? The NK_SQLLite.dll file certainly makes it sound like a SQLLite database but again it could be a red herring.
Another possibility... if any of the code is .NET, have you tried disassembling it? You might get some hints about what's going on that way, so long as it's not obfuscated. If you're unfamiliar with how to do that, I would recommend a tool like RedGate's Reflector (http://www.red-gate.com/products/reflector)
Is there a file upload control for ASP.Net which performs a client-side checksum calculation (CRC, MD5, etc) on the file contents and transmits the checksum to allow for server-side checksum validation?
I have looked through answers on several file upload questions, but did not find this feature mentioned anywhere.
From javascript you won't be able to detect the size of a file in the client computer. Javascript runs inside a sandbox and cannot access local system files, which will be a ecurity violation.
You can use silverlight and can get the file size and calculate the sum. You can check this
Silverlight File Uplaod
You'll need some client code to open your file, compute that check sum and to post it to your webserver with your file content; you can't do that with plain javascript, as you're not supposed to have access to your user filesystem.
But, just like #Dan Herbert commented out into your question, to use a client application like Flash, Java applet or Silverlight to execute that. I just wanted to make a more complete answer and to explain why you can't do that.