  A review of security techniques used in protecting Active Server Pages (ASP) - Page 2

 


 
 

 

Background

What is ASP?
Active Server Pages were developed by Microsoft to simplify server-side programming. ASP is almost as efficient as writing code directly to the server's application program interface, and it's a lot more efficient than CGI because it runs as a service and can take advantage of multithreaded architectures [2].
Initially, only Microsoft products could create code in ASP; furthermore, VBScript (a descendant of Visual Basic) and JScript (a descendant of JavaScript) were developed by Microsoft as the ASP scripting languages. Seeing the error of their ways (and the chance to expand), Microsoft duly evolved ASP into an open framework technology. This allows other (non-Microsoft) products to create code in ASP and for the code to be written in any language.


How does ASP Work?

A server-side script is responsible for generating an ASP. Thus, when a request is made for a specific ASP from a browser, the respective server-side script is run and an .asp file is produced and sent to the client's web server. The web server calls ASP, which processes the .asp file from top to bottom, executing any script commands, and sends the resulting web page to the requesting browser. Because all the script resides on the server side, all the processing required to generate the HTML pages is carried out by the client's web server [3].


ASP application structure
The ASP client/server application architecture is commonly formed of four parts as illustrated in Figure 1.

Figure 1. Basic ASP client/server application architecture [1]

Between each of these parts, communication takes place as client requests are processed first by the web server, then by the application server and finally by the database server. The results are then communicated back to the client, via their browser.


The communication between each of these points takes place over a TCP/IP connection. TCP/IP connections offer no security against attacks; thus the application of external security techniques is required to protect data against potential threats. Figure 2 illustrates the techniques that can be applied and the points between which they are applicable.

Figure 2. The application of security techniques to secure communications between points [1]

These techniques will form the basis of our review along with alternative techniques that offer similar security functionality.
