1.4.4- Shielding ASP Source Code from the Browser

Shielding ASP Source Code from the Browser

We'll highlight one more point before we wrap up this chapter. You've probably noticed that, when browsing the web, you can view HTML code directly using your browser. (For example, if you're browsing with IE5 then you can do this by choosing View | Source from the toolbar; if you're browsing with Netscape Navigator, then choose View | Page Source.) When you do this, remember that you're viewing the document client-side – the HTML has already been downloaded from the web server to the client, and you're now viewing that HTML source.

By contrast, you may also have noticed that your browser software doesn't enable the browser to view the source ASP code that generated this HTML. Instead, if you want to view the ASP code then you must view it on the server, by using a web page editor such as Visual InterDev or Notepad on the server.

If you're using different machines for your web server and your client, then this distinction will be fairly easy to grasp. But if you're using the same machine to perform both roles (which is a reasonable thing to do, especially in a learning or development scenario) then you may need to consider this distinction a little more carefully.

The fact that the browser doesn't allow the end-user to view the ASP source has a rather important and valuable consequence. Consider the following scenarios, as a couple of examples:

• You're writing an ASP page that uses a database query to get some data (which you want to display in the page). As we'll see in Chapter 12, you will need to code in connection details in order to access the database – and these connection details may contain sensitive information such as a username and password

• You're writing an ASP page that uses an algorithm to calculate an insurance quote. However, you don't want customers to know how the calculation works, so you need to keep the algorithm secret

If you code these things using ASP, then it means that your code isn't available for end-users to view through their browser. In other words, writing your pages with ASP is much more secure than writing them in pure HTML. Coding in ASP enables us to ensure that things like sensitive database queries and proprietary formulas are kept away from prying eyes.