Since the advent of ASP (Active Server Pages), because it can create a strong application system that is easy to maintain and does not matter the platform, ASP technology has been loved by more and more network programmers. many. However, ASP is just a non -compilation type, a script language running on the server side. It is written in plain text. Even if the ASP encryption program is used to encrypt A
SP applications are not illegally copied. For high authority administrators, you can easily copy the ASP program from the server to other unauthorized websites. This brings some difficulties in commercialization of ASP applications. How to effectively protect developed ASP programs, based on the randomness generated by the disk serial number, combined with the official ASP script encryption program screanc.exe provided by Microsoft officially solved this problem.
Disk serial number, referred to as disk ID, is a disk identification information generated when the disk is formatted. It is a volume sequence number. Two formats of the same machine to randomly generate a fixed format serial number are almost zero. The later versions of DOS and Windows and Winnt use this disk identification method. Therefore use. Switch from Windows9.x to MS-DOS, and type the DIR command to return. The current scroll sequence number information appears on the screen. This serial number similar to "0A48-1CD7" is a hexadecimal number. Some software used for a period of time will be required to apply for a new authorized serial number (using permit) online after the use period is available. A considerable part of this authorized sequence number uses a static disk sequence number binding time. After the installation, the program cannot be used even if the program is illegally copied into the non -initial installation environment.
The above -mentioned thoughts are easy to achieve in programming language of VC, VB, and Deliphi. So, how to achieve it in ASP? VBScript, as a strong and secure user language, is limited by the client system. It cannot handle the calls of the API on the client, nor can it directly manipulate controls outside the client's file and file system. Therefore, this article uses VBScript and combines ASP built -in component Filesystem to achieve the above ideas. The following procedures are slightly modified according to the specific situation, which can be applied to the actual ASP application system.
As an example of explanation, this article uses the ACCESS database security mechanism. In practical applications, data stored in other formats can be used. To facilitate elaboration, we first build an Access database ID.mdb (password "KXJ"), and build a DriveInfo table internal. The data structure is as follows:
ID (automatic number);
SERNO (text, 12, disk serial number (10 -in));
Wrimark (number, 1, writing logo).
illustrate
The Wrimark value is 0 means that the legal user has not installed the system, and the value is 1 representing the installation of the system. When the value is 1 and the serial number does not match the current disk, it is determined to be illegal copying users.
When initialization, first define a new record, the initial value of each field is 1,12345678,0, respectively.
In the same directory, for example, under C:/Interpub/WWWROOT, place the homepage default.asp, legal user homepage success.asp, illegal installation user prompt page Fail.htm and ID.mdb serial number storage library.
The writing operation of each ASP file is as follows:
1. Use FRONTPAGE (or NotePad) to create a new ASP file default.asp and enter the following program code:
<Html>
<Head>
<Title> SAMPLE </Title>
</Head>
<% Dim conn, fs, f
Set conn = server.createObject ("Adodb.connection")
conn.open "driver = {microsoft access driver (*.mdb)}; uid =; pwd = kxj; dbq =" & server.mAppath ("ID.mdb")
set fs = server.createObject ("scripting.filesystemObject")
testdrive = Server.mappath ("/DriveInfo.asp"))
'' Obtain the current disk formation with MAPPATH
testdrive = left (testdrive, 3)
set f = fs.getdrive (testdrive)
'' Call the getDrive method and give the drive a variable
MySQL = "Select * From DriveInfo Where ID = 1"
set rscheck = server.createObject
rscheck.open mysql, conn, 1,1
FSER = TRIM (F.SerialNumber)
'' Get the current disk serial number
Strserno = Trim (RSCHECK.FIELDS ("SERNO"))
Strmark = rscheck.fields ("" wrimark ")
if StrSerno <> FSER and Strmark = 0 THEN
'' If it is installed for the first time, the writing logo is 1
session ("pass") = true
'' Define the user session and placed it as a global ASP document identification variable
set rsmain = server.createObject ("Adodb.recordset")
MySQL1 = "Update DriveInfo SERNO =" & FSER & ", Wrimark = 1"
rsmain.open mysql1, conn, 1,2
response.write ("<" <"<"
Successful! WELCOME to Access The Website! <//a> ")))
set rsmain = nothing
else
if StrSerno = FSER THEN
'' If the legal user enters again
session ("pass") = true
Response.write ("<" <<href = '' Success.asp ''> You are authorized by the website manager, Welcomes to accept! <//a> ")
else
'' Illegal copy user
session ("pass") = false
Response.write ("<" <"<" <"<" <", 'Fail.htm' '> It is iLlegal to Copy The Website''s Asp Document.you Are Not Rigrt to Use the Program.
end if
end if
response.write ("<br>")
Response.write ("Volume Serial Number in Drive" & Testdrive)
response.write (f.serialnumber)