|
 |
asp_web_howto thread: Data Security
Message #1 by "Peter Byers" <pb@s...> on Mon, 23 Apr 2001 17:11:16
|
|
(This message is also posted on the security_asp list. Please post any replies there for
preference. - moderator)
Hi
I have some files that are written to and read by ASP files
They are in a folder called "SECURE"
They are .TXT and .CSV files
I do not want anyone to have access to them by simply typing
HTTP://WWW.MYSITE.COM/SECURE/SOMEFILE.TXT
BUT
I do want my ASP files to have access to them for reading, writing appending and
deleting.
Can anyone tell me please what permissions should be on the SECURE folder
It would be appreciated if any answers could spell it out and not just be general -
this is not an area in which I am expert (and I am a bit dim anyway !!)
Thank you in anticipation
Pete (Northolt UK)
Message #2 by "jonas jerndin" <jonas.jerndin@o...> on Mon, 23 Apr 2001 18:54:08
|
|
A good thing is to use asp-extention on your #include-files.
That way people canīt get your code that easily.
To check that the include-file is running inside a document you can use
this code:
<%
if(InStr(Request-ServerVariables("SCRIPT_NAME"),"SOMEFILE.ASP"))Then
'The file isnīt included
Response.Write("This file is for including only...")
else
'page URL valid
RunCode()
end if
%>
Message #3 by "Peter Byers" <pb@s...> on Mon, 23 Apr 2001 21:00:10
|
|
Thank you for your reply - the files are not #include files, they are data files
BUT
They could be called ASP files though - that would be an answer (even if not the one I wanted
!!!)
thank you
Pete
> A good thing is to use asp-extention on your #include-files.
> That way people canīt get your code that easily.
>
> To check that the include-file is running inside a document you can use
> this code:
>
> <%
> if(InStr(Request-ServerVariables("SCRIPT_NAME"),"SOMEFILE.ASP"))Then
> 'The file isnīt included
> Response.Write("This file is for including only...")
> else
> 'page URL valid
> RunCode()
> end if
Message #4 by "Alex Shiell, ITS, EC, SE" <alex.shiell@s...> on Tue, 24 Apr 2001 09:45:49 +0100
|
|
Just put the files in a folder that is outside of wwwroot (or whatever your
web folder is called) so that they are not accessible through the web
server. You can still include them in your ASPs with <!-- INCLUDE
FILE="C:\secure\file.txt"-->
-----Original Message-----
From: Peter Byers [mailto:pb@s...]
Sent: Monday, April 23, 2001 6:11 PM
To: ASP Web HowTo
Subject: [asp_web_howto] Data Security
(This message is also posted on the security_asp list. Please post any
replies there for
preference. - moderator)
Hi
I have some files that are written to and read by ASP files
They are in a folder called "SECURE"
They are .TXT and .CSV files
I do not want anyone to have access to them by simply typing
HTTP://WWW.MYSITE.COM/SECURE/SOMEFILE.TXT
BUT
I do want my ASP files to have access to them for reading, writing appending
and
deleting.
Can anyone tell me please what permissions should be on the SECURE folder
It would be appreciated if any answers could spell it out and not just be
general -
this is not an area in which I am expert (and I am a bit dim anyway !!)
Thank you in anticipation
Pete (Northolt UK)
________________________________________________________________________
Scottish Enterprise Network
http://www.scottish-enterprise.com
|
|
|
View Cart
