|
| |
|
|
Ziggyzaz
Posts: 250
Joined: 5/29/2003
Status: offline
 |
Some Pages Wont Work While Others Will - 6/26/2003 19:14:03
i run my site off of two sites. I do all my editing on a test site that only people inside my network can see. (test site) I then publish to my root site (root) Inside my site are pages that can only be viewed by people that are inside my network. Some pages that are inside do not work. They are saying that the includes that I use are not where they are. I have checked the file paths and even made sure that the files are there. It is still not working. Please help
_____________________________
Your Chicken is on Fire
|
|
|
|
Doug G
Posts: 1189
Joined: 12/29/2001
From: SoCal
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/28/2003 16:58:34
If you are using something like <!--#include file=" ..\myfile.inc" --> in your include files, more than likely the target server has the Allow Parent Paths setting in IIS turned off while your test server allows parent paths.
The easiest cure is to reference your include files from the root of your web using <!--#include virtual=" /includefolder/myinclude.inc" --> which will find the include via it' s url in your website.
BTW, it' s better & safer to use .asp extension on your include files.
_____________________________
======
Doug G
======
| |
|
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/28/2003 18:12:34
quote:
BTW, it' s better & safer to use .asp extension on your include files.
Curious. Why is that Doug?
_____________________________
Gil Harvey, 1947-2004
| |
|
|
|
Doug G
Posts: 1189
Joined: 12/29/2001
From: SoCal
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/28/2003 19:39:25
Gil-
With an .inc extension, if a curious user were to guess the include file name and point their browser at it, they will get a screenfull of your asp code.
However, an asp extension will force the page to go through the asp interpreter if a user browses directly to the page, and will either execute or error out, but will not send the asp code to the browser.
_____________________________
======
Doug G
======
| |
|
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/28/2003 22:32:42
quote:
With an .inc extension, if a curious user were to guess the include file name and point their browser at it, they will get a screenfull of your asp code.
Excuse my ignorance but, so?
BTW, I' ve never used a .inc extension, is that standard for Frontpage? I' ve always used .txt
But, I' ve never used the FP version of includes - just SSI
_____________________________
Gil Harvey, 1947-2004
| |
|
|
|
Doug G
Posts: 1189
Joined: 12/29/2001
From: SoCal
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/28/2003 22:45:54
In the early days of Snitz the main configuration file was config.inc, and since everyone using the package knew what the filename was it didn' t take long for some people to open it directly, look at the source and determine the database connection info, and hack into the db.
Would you like your php source to end up in a user' s browser?
_____________________________
======
Doug G
======
| |
|
|
|
Doug G
Posts: 1189
Joined: 12/29/2001
From: SoCal
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/28/2003 22:53:59
FP includes are a different animal, they are processed by a FP bot if I' m not mistaken. I don' t think FP includes normally contain server executable code, but I don' t really use FP much.
The first incarnation of InterDev and early MS samples all used .inc for an include file extension, and it became somewhat a standard in the asp world.
http://www.w3schools.com/asp/asp_incfiles.asp
http://www.4guysfromrolla.com/webtech/020400-2.shtml
_____________________________
======
Doug G
======
| |
|
|
|
Doug G
Posts: 1189
Joined: 12/29/2001
From: SoCal
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/29/2003 15:53:31
Is there a point here somewhere?
.inc as a file extension is used in both asp & php, and in both cases it' s not a good idea unless you don' t care about the possibility of your server code being displayed in a user' s browser.
_____________________________
======
Doug G
======
| |
|
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/29/2003 16:21:37
quote:
Is there a point here somewhere?
Gee, sorry. I was trying to learn a little about .asp - something I know vert little about.
Your original caution to use .asp had me curious - I was asking why .asp would be " better and safer" than a .txt extension?
Anyone?
If anyone can furnish an example of .inc file showing php code in a browser, I' d like to see it!!!!!!!!!
_____________________________
Gil Harvey, 1947-2004
| |
|
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/29/2003 22:36:19
quote:
The contents could just as easily be php code.
Do you have any examples?
quote:
If you have a known or guessable include file name and that include file is in your web, anyone that browses directly to the include file (NOT the including file) will see the contents if the file extension doesn' t have some kind of server-side filtering. In some cases this can be bad news for your site.
I see that w/ the .inc extension. Are you saying testfile.php would also show the code?
_____________________________
Gil Harvey, 1947-2004
| |
|
|
|
Doug G
Posts: 1189
Joined: 12/29/2001
From: SoCal
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/29/2003 23:13:28
If a file testfile.php was on a php-enabled server you' ll get an error message instead of the source code.
http://www.dougscode.com/work/testfile.php is the same test file with the asp tags changed to php tags.
There is no problem when the include files are used normally. The file extension of the included file is irrelevant and the controlling file' s extension tells the web server how to process the page. The included files are merely stuck in the page' s code base at the point of the include statement then the entire code base of the page is processed by the web server.
The problem comes in when a well-known program in either asp or php uses a well-known filename to include something like database connection or other configuration options, not an uncommon scenario. If the included files have an unsafe extension like .inc or .txt you risk exposing sensitive stuff that may be in the source code of the included file.
Changing the included file extension to asp or php forces the file to go through the asp or php interpreter rather than just dumping out to the user, should the user decided to browse directly to the included file instead of the controlling file.
Maybe it' s that time of the month, there is a thread on this exact subject over at www.phpbuilder.com forums right now. This subject has been discussed often by asp and php developers. The file extensions for Snitz include files was changed in 2000 I believe after a couple of the original forums were hacked because the db connection information was exposed.
_____________________________
======
Doug G
======
| |
|
|
|
Gil
Posts: 7533
From: North Carolina, USA
Status: offline
|
RE: Some Pages Wont Work While Others Will - 6/30/2003 9:41:11
Thanks Doug
I see the problem w/ .inc & .txt normaly in PHP I use something like:
<?php
include(" include/common.php" );
include(" $config[template_path]/user_top.html" );
?>
rather than a <!--#include file=" ..\myfile.inc" -->
I guess your post: BTW, it' s better & safer to use .asp extension on your include files. was a little misleading. I thought you were sayin only a .asp ext. would be safer. BTW, it' s better & safer to use .asp or .php extension on your include files. would have been more accurate - no?
_____________________________
Gil Harvey, 1947-2004
| |
|
|
|
Ziggyzaz
Posts: 250
Joined: 5/29/2003
Status: offline
|
RE: Some Pages Wont Work While Others Will - 7/1/2003 14:54:38
Wow,
I' m glad my question could spawn so much conversation. Thanks for the help everyone. My site is working well again
_____________________________
Your Chicken is on Fire
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
