It depends on how you define "safe". You say that anyone can see the code. Not really that way. What you can see by clicking on "View Source" is not the original ASP page, but the resulting HTML page. No the same thing as the underlying server-side VBS code is not shown. Can a hacker get to it? It is possible, but that woul dbe more a fault of IIS settings and the web admin than ASP itself.

If you are concerned about code security, and also speed, you could change to ISAPI and a compiled language (VFP and VB come to mind), instead of the current interpreted ASP. (Note: this will change in the near future with ASP.Net, but then that's not ASP).

Re: securing credit card data: that is more a function of encrypting the data transmission (currently done with certificates and SSL) and encrypting your data (in SQL Server or DBF or MDB or whatever).

HTH



>I am in the process of designing a website. It has two parts, E-Commerce and a discussion forum. It will contain customer and discussion members details, and eventually Credit card transactions. Is ASP thought to be secure enough for this job. The main worry is about the ASP code being held as text i.e. a hacker can see what the code looks like. I realise that most of the security is handled by the ISP, but even with the most secure ISP, is ASP a safe option.
>
>The books and articles that I have read so far are inconclusive, they mention CGI etc, but even these can be dis-ascembled, so a hacker can see the code.