|
Hide ASP source code [Standard ASP encryption]
General information [Standard ASP encryption]
By default, HTML Guardian will only encrypt the server-side parts of the
code for .asp files.
That's the code enclosed within <% ......
%> delimiters, and it's usually the most important
part of the asp file. So it's quite important to
hide asp source code
, or, in other words, to encrypt it so that it can't be reused in other
asp projects.
By default, the rest of the code (client-side code) will remain unencrypted,
and the code visitors see in their browsers will be unencrypted.
The following is also possible:
 You can encrypt
client-side html and script code contained in ASP files.
You can encrypt includes,
and you can include an encrypted file in another encrypted file
You can use all the additional
protection options for .asp files (except password protection).
But HTML Guardian will not do this automatically.
Your files need to be prepared for that or to comply with some requirements.
Please carefully read the sections below.
Encrypting client-side html / script
code [Standard ASP encryption]
You can encrypt any desired portion of the client-side code in an .asp file
(html and / or client-side scripts), but this will not be done automatically.
You have to specify which parts of the client-side code to be encrypted
by enclosing them within these html comment tags (case sensitive):
<!--hgasp_s -->
... here comes the client-side code you want to be encrypted ...
<!--hgasp_e -->
The code enclosed within these comment tags should be a pure client-side
code. It should not contain any server-side code (<%
.... %>) or commands (like #INCLUDE)
- otherwise client-side code encryption will be aborted (in such case
a new entry will be added to the Error
Log. No visual alerts will be displayed).
Client-side code can't be encrypted for includes.
There are two methods to encrypt client-side code:
client-side code is encrypted only in the ASP source - in this
case the client-side code will be encrypted in the ASP source, but
will not be encrypted in the response ASP server generates and sends
back to the browser. So you can't hide ASP source code (or more precisely
- you can't hide html source generated by the ASP server) - if the
visitors click View-->Source
in their browsers, the entire source code they will see will be unencrypted.
This option will hide asp code only in the .asp files source,
but not in the response generated by the server.
client-side code is encrypted both in the ASP source and in the response
ASP server generates and sends back to the browser. If the visitors
click View-->Source in their browsers, the client-side code from
the ASP file will be encrypted. Note that the code dynamically generated
by the server will appear unencrypted.
You can toggle between the two methods by pressing CTRL + ALT + A
keys (this is a temporary change, not remembered after restarting the program). Press F4 at any time to see the current setting. You can
permanently change this settings from the General
Settings window.
If you want to encrypt only client-side scripts, you may just put them
in a separate .js file and encrypt it.
Encrypting includes [Standard
ASP encryption]
It is a common practice to use includes if you want to insert the same
piece of code in many files. Normally, you can include any .asp file
in any other.
But to ensure proper encryption, HTML Guardian needs to know whether
the asp file being encrypted will be used as an include in other files
or not.
To mark an .asp file as an include, insert this comment somewhere in
it (like at the end of the file):
<!--hgaspinclude -->
ASP files encrypted as includes can't be used as standalone files. ASP
files encrypted as standalone files can't be used as includes. If you
have a file used both as a standalone and as an include, you should
make a second copy of it - then encrypt one copy as an include(with
the above comment tag inserted) and the other as a standalone file.
Files with .inc extension are always treated as includes, you
do not have to insert this tag in them.
Client-side code can't be encrypted for includes.
Additional protection options can't be used for includes.
Note: Only encrypted .asp files can use encrypted includes. A
non-encrypted .asp file that uses an encrypted include will most likely
not work. An encrypted .asp file may use encrypted or non-encrypted
includes, or both types together.
Using the additional encryption
options for .ASP files [Standard ASP encryption]
You can use all additional protection options that HTML Guardian provides
for .asp files, except the password protection option. The following
should be observed:
- The .asp file should have <HEAD>
and </HEAD> tags.
These tags should NOT be a part of the server-side code (they
should NOT be between <% .... %>
delimiters).
These tags should NOT be a part of code marked for client-side
code encryption (they should NOT be between <!--hgasp_s
--> .... <!--hgasp_e --> tags).
Below are some examples:
Incorrect |
Incorrect |
Correct |
.....
<%
...........
Response.Write("<HEAD>")
...........
%>
....... |
.....
<!--hgasp_s -->
<HEAD>
............
</HEAD>
<!--hgasp_e
-->
..... |
......
<HEAD>
<!--hgasp_s
-->
..some client-side code..
<!--hgasp_e
-->
<%
..some server-side code..
%>
<!--hgasp_s -->
..some client-side code..
<!--hgasp_e
-->
</HEAD>
........ |
Here the <HEAD> tag is a part
of the server-side code |
Here the <HEAD> and </HEAD> tags are marked for client-side
code encryption |
- The opening <HEAD> tag should look this way: <HEAD>
(case doesn't matter)
There should be no additional information in it, like <HEAD id="abc">.
In case you need to add something to the opening <HEAD> tag, you
should do this after the encryption.
- if your .asp file does not start with @LANGUAGE directive, like
<%@ LANGUAGE = VBScript %>
or <%@ LANGUAGE = JScript %>
, HTML Guardian will assume the scripting language is VBScript. In some
rare cases the asp server where your site is hosted may be configured
to use JScript as a default scripting language. If this is the case, you
should insert <%@ LANGUAGE = JScript
%> at the very beginning of each .asp file you want
to protect (this should be the first line of code).
Additional protection options can't be used for includes.
What "Not Encrypted" message means?
This is not an error message. In HTML Guardian Personal edition there
is a limit for the file size of the .asp files that can be encrypted
(when using the Standard ASP encryption). If the file being encrypted
exceeds this limit, the 'Not encrypted' message appears. In Professional &
Enterprise edition this limitation is removed. You can hide asp source
code (encrypt asp source) for any .asp file, no matter of its size.
|
