asp >>limiting users that can access the database that resides outside wwwroot

limiting users that can access the database that resides outside wwwroot

Index ‹ asp

Previous
- 1
  - Beginner Question.I've just started to try and understand ASP.
    ASP doesn't work when I upload to my NTL webspace, so I signed up for
    free AST enabled webspace at:
    http://www.1asphost.com
    
    This works fine with simple ASP "hello world" code:
    
    ................................
    <%
    response.write("Hello World!")
    %>
    ...............................
    
    But when I try this
    
    ..............................
    <%
    Dim objFSO
    Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
    Set objFSO = Nothing
    %>
    .................................
    
    It gives this error:
    .....................................................
    Server object error 'ASP 0177 : 800401f3'
    Server.CreateObject Failed
    /tonyjeffs2/test/test4.asp, line 8
    Invalid ProgID. For additional information specific to this message
    please visit the Microsoft Online Support site located at:
    http://www.microsoft.com/contentredirect.asp.
    ..................................................
    
    Reading the microsoft site, I get the idea that it is the way the
    server is set up, rather than my code. Is that correct?
    
    Thanks
    Tony
- 1
  - Webpage to see if someone is logged into PC's via RDPI am trying to put together a web page to show remote users which PC's are
    available for RDP so they can use. The page work's fine except for when the
    goes to the pc to pull the info on if anybody is logged in or not it seems
    to have trouble. here is the blurb from the temp file that gets created on
    the webserver.
    "Error opening Terminal server Computer-01 Error [5]:Access is denied."
    The webserver Anon account is using a Domain account that has full rights on
    those boxes. Below is my webpage.
    
    <HTML>
    <HEAD>
    <TITLE>Blade Availability. Please be Patient!</TITLE>
    <SCRIPT LANGUAGE="VBScript" runat="server">
    Response.Buffer=True
    Response.Expires=-1
    Server.ScriptTimeout= 600
    
    On Error Resume Next
    
    ' This script will pull computers from a text file and give you feedback if
    someone is logged in via local or RDP.
    
    Dim fso, f, inputFile, strCompName, strUserName
    
    'Text file has a list of PC's I want this script to run against
    inputFile = "\\Servername\text\computers.txt"
    
    set fso = CreateObject("Scripting.FileSystemObject")
    set f = fso.OpenTextFile(inputFile)
    
    Do While f.AtEndOfLine <> True
    strCompName = Trim(f.ReadLine)
    If strCompName <> "" Then
    
    strCompName = UCase(strCompName)
    strUserName = GetUser(strCompName)
    
    If IsEmpty(strUserName) Then
    Response.Write strCompName & " ; Could not connect to computer " &
    "<br>"
    Response.Flush()
    ElseIf strUserName = "" Then
    Response.Write strCompName & " ; No user is logged on " & "<a
    href=""rdp.asp?hostname="&wks(r) &""">CLICK here to connect</a><br>"
    Response.Flush()
    Else
    Response.Write strCompName & " ; Logged on user name: " &
    strUserName & "<a href=""rdp.asp?hostname="&wks(r) &""">CLICK here to
    connect</a><br>"
    Response.Flush()
    End If
    End If
    Loop
    
    f.close
    
    wscript.echo "end of file"
    
    Function GetUser(sHost)
    ' Function will return logged in user name from QWINSTA.EXE
    ' regardless of it is a console or RDP user
    ' Windows XP only
    '
    ' Return values:
    ' If input to function (host name) is empty, returns Empty
    ' If QWINSTA.EXE cannot connect to host, returns Empty
    ' If no user is listed by QWINSTA.EXE, returns ""
    ' If user is listed, returns user name
    
    If sHost = "" Then
    Exit Function '-----> return Empty
    End if
    
    Set oShell = CreateObject("Wscript.Shell")
    Set oFS = CreateObject("Scripting.FileSystemObject")
    
    sTmpFile = oFS.GetSpecialFolder(2).ShortPath & "\" & oFS.GetTempName
    
    response.write(sTmpFile)
    
    'Run command and redirect stdout and stderr into temp file
    oShell.Run "%ComSpec% /c %SystemRoot%\System32\QWINSTA.EXE /SERVER:" _
    & sHost & " >" & sTmpFile & " 2>&1", 0, True
    
    On Error Resume Next
    'Open the temp file
    Set oTF = oFS.OpenTextFile(sTmpFile)
    
    'Parse the file
    
    ' Read first line
    sLine = oTF.ReadLine
    If Err.Number <> 0 Then
    ' Something is wrong.
    Exit Function '-----> return Empty
    End If
    On Error Goto 0
    
    If Left(Trim(sLine), 26) <> "SESSIONNAME USERNAME" Then
    ' Something is wrong. Most likely is the content of the first line
    ' this: "Error opening Terminal server <host name>"
    Exit Function '-----> return Empty
    End If
    
    ' Read second line
    sLine = oTF.ReadLine
    'Close file
    oTF.Close
    'Delete it
    oFS.DeleteFile sTmpFile
    
    sChoppedLine = Mid(sLine, 20)
    If Left(sChoppedLine, 1) = " " Then
    ' no user found
    GetUser = ""
    Else
    ' get the user name
    GetUser = Split(sChoppedLine)(0)
    End If
    
    End Function
    
    </SCRIPT>
    </BODY>
    <body bgcolor="#EBF2FC">
    
    <p> </p>
    <p> </p>
    <p align="center"><font size="5">Remote Desktop Connections</font></p>
    </HTML>
    
    </SCRIPT>
    </BODY>
    </HTML>
- 1
  - A question about shared db connectionsHi and Thanks in advance for taking a look at my question.
    
    I am using an "include" page with a sub to open a db connection for multiple
    Recordsets. My problem is that in some cases I need to use set connection
    parameters such as adOpenDynamic, adLockPessimistic, adCmdText.
    
    Is there a way to add these to the "Open Data Connection Command" or to the
    "Open Recordset Command"?
    
    Examples Follow
    
    **** Included File ******
    
    <%
    '******* Open Connection to MyData
    Sub Opendata( DatCon )
    Set DatCon = Server.CreateObject("ADODB.Connection")
    DatCon.Open "DSN=data04;"
    End Sub
    
    '******* Close Connection to MyData
    Sub CloseData( DatCon )
    DatCon.Close
    Set DatCon = NOTHING
    End Sub
    
    '******* Open Recordset from DatCon
    Sub OpenRs( Sql, rs )
    Set rs = DatCon.Execute(Sql)
    End Sub
    
    '******* Close Recordset from DatCon
    Sub CloseRs( rs )
    rs.Close
    Set rs = NOTHING
    End Sub
    
    %>
    
    ********** Original Page info************
    
    Sql = "SELECT * FROM p_CurrentUpdate WHERE CustId = " & StrCusId & " ORDER
    BY Timestamp ASC"
    OpenRs Sql, rs
    StrCurrentUpdate = "True"
    If rs.EOF Then
    StrCurrentUpdate = "False"
    Else
    rs.MoveLast
    StrCustUpdateLast = rs.Fields("Timestamp").Value
    End If
    CloseRs rs
    
    *******************
    
    When I execute this code I get [Microsoft][ODBC Microsoft Access Driver] Too
    few parameters. Expected 1.
    
    Now, all the Variables and Objects are "Dim" at the top of the page, and if
    I don't use the ORDER BY parameter it will work, so I am pretty sure it is
    because the proper parameters are not set for DatCon and record interaction.
    
    Please give any assistance you can. Thank you
    
    William
- 1
  - Page Breaks and default to bottomI have 2 questions:
    
    1. How do you code for page breaks in HTML/ASP?
    
    2. How can I default a certain part of my web page to the bottom for
    printing purposes? The part that I want to move to the bottom is in a
    table.
    
    Thanks.
- 2
  - ASP input and EXCELHi;
    I am waaayyy new at ASP so I am hopping someone can help me. I wrote
    an ASP that accepts input from a user. I need the input saved in
    different cells in an excel sheet. Everytime someone hits Submit, it
    should go to a new row.
    The code below shows how I want the form set up. I have no clude on
    how to get the input and save it on a server's D:\Drive. ANy help is
    greatly appreciated!!!!
    
    <FORM NAME="ServerRequest.asp" ACTION="ServerRequest.asp"
    METHOD="POST" >
    <TABLE>
    <TR>
    
    <TD> </TD>
    <TD><SPAN class=StandardText><b>1. Please Enter your
    Name: </SPAN></TD></b>
    <TD><B><B>
    <input type="text" name="Respondent">
    </B></B></TD>
    </TR>
    <TR>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>2. What Project is
    this for?:</SPAN></TD></b>
    <TD><B>
    <input type="text" name="BusinessUnitSponser">
    </B></TD>
    
    </TABLE>
    <TABLE>
    <tr>
    <TR>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>3. Please enter the
    remote access applications needed for this VM Guest Servers:</SPAN></
    TD></b>
    <TD><B>
    <BR>
    <FORM NAME="multiselectform" METHOD="post" ACTION="multiselect.asp">
    <SELECT NAME="RAccess" MULTIPLE SIZE="3">
    <OPTION VALUE="RDP">RDP</OPTION>
    <OPTION VALUE="Timbuktu">Timbuktu</OPTION>
    <OPTION VALUE="Console">Console</OPTION>
    </SELECT>
    <br>
    </Table>
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>4. Please select the Operating System
    for this VM Guest Servers:</SPAN></TD></b>
    <TD><B>
    <BR>
    
    <form action="">
    <select name="OS">
    <option value="Deafult">Select One</option>
    <option value="XP">Windows XP Professional</option>
    
    <option value="win2k3">Windows 2003 Standard</option>
    <option value="win2k3web">Windows 2003 Web Server</option>
    </select>
    </form>
    </TD></B>
    </tr>
    </tbody>
    </TABLE>
    <BR>
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>5. Please enter the amount of RAM is
    required for the Guest Servers: </SPAN></TD></b>
    <TD><B>
    <TD><B><B>
    <input type="text" name="RAM">
    </B></B></TD>
    
    </TD></B>
    </tr>
    </tbody>
    </TABLE>
    <BR>
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>6. Please enter the amount of HardDisk
    is required for the Guest Servers: </SPAN></TD></b>
    <TD><B>
    <TD><B><B>
    <input type="text" name="RAM">
    </B></B></TD>
    
    </TD></B>
    </tr>
    </tbody>
    </TABLE>
    
    </TABLE>
    <BR>
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>7. Please enter the permissions that
    is required for the Guest Servers: </SPAN></TD></b>
    <TD><B>
    <TR align=left>
    <TD> </TD>
    <TD colSpan=7>
    <TEXTAREA name=permissions rows=10 cols=50></
    TEXTAREA>
    </TD>
    </TR>
    </TABLE>
    
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>8. Please select the enviornment for
    this VM Guest Servers:</SPAN></TD></b>
    <TD><B>
    <BR>
    
    <form action="">
    <select name="Enviorn">
    <option value="Default">Select One</option>
    <option value="POC">POC</option>
    <option value="TEST">TEST (QA)</option>
    <option value="DEV">DEVELOPMENT</option>
    <option value="STG">STAGING</option>
    
    </select>
    </form>
    </TD></B>
    </tr>
    </tbody>
    </TABLE>
    <BR>
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>9. Please enter the Application/
    Service Name that is required for the Guest Servers: </SPAN></TD></b>
    <TD><B>
    <TR align=left>
    <TD> </TD>
    <TD colSpan=7>
    <TEXTAREA name=Application rows=5 cols=50></
    TEXTAREA>
    </TD>
    </TR>
    </TABLE>
    
    <BR>
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>10. Please provide a Brief Description
    for the use of the Guest Servers: </SPAN></TD></b>
    <TD><B>
    <TR align=left>
    <TD> </TD>
    <TD colSpan=7>
    <TEXTAREA name=description rows=5 cols=50></
    TEXTAREA>
    </TD>
    </TR>
    </TABLE>
    <BR>
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>11. Please provide any platform
    dependencies for the Guest Servers: </SPAN></TD></b>
    <TD><B>
    <TR align=left>
    <TD> </TD>
    <TD colSpan=7>
    <TEXTAREA name=independency rows=5 cols=50></
    TEXTAREA>
    </TD>
    </TR>
    </TABLE>
    
    <BR>
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>12. Please provide any external
    dependencies for the Guest Servers: </SPAN></TD></b>
    <TD><B>
    <TR align=left>
    <TD> </TD>
    <TD colSpan=7>
    <TEXTAREA name=exdependency rows=5 cols=50></
    TEXTAREA>
    </TD>
    </TR>
    </TABLE>
    
    <BR>
    <TABLE>
    <TD> </TD>
    <TD><SPAN class=StandardText><b>13. Please enter the length of time
    that is required for the life of the Guest Servers: </SPAN></TD></
    b><BR>
    <TD><B>
    <BR>
    <TD><B><B>
    <input type="text" name="LifeCycle">
    </B></B></TD>
    </TABLE>
    <BR><BR>
    <input type="submit" value="Submit">
    <input type="reset" value="Reset">
    
    </FORM>
- 3
  - login to ftp from a web linkOk, this has got to be a common problem...
    I want to have a page with some files listed as links to the files actually
    located on a remote(unix) server (different one to my IIS). In ASP I
    dynamically build the url to be:
    
    ftp://username:password@servername/dir1/dir2/filename.gz
    
    ...other than it displays the username/password, this should work (the
    username/password can be hidden by having it redirect to another page).
    Problem is I get a DNS error on the first attempt. The wierd thing is that
    if I type this url into the Address bar of my browser it firstly gives me
    the dns error and then on the second time works!
    
    My theory of what is happening is that the first time through it logged into
    the ftp server, then the second time it logs straight in without the need
    for the password. Has anyone had the same problem and found a fix?
    
    I assume this is some kind of security block, but it is kind of annoing
    given how easy it would be to implement ftp ability to web sites with no
    code on the client.
    
    I am using IIS5 and ASP and vbscript.
    
    Please reply to this newsgroup as my email is a dummy.
    
    SB
- 3
  - badly formatted .mp3 when forcing a download in ASP using Content-Disposition...Hello all,
    
    I wanted to see if anyone was having the same problems as me playing
    an .mp3 file after forcing a download from and IIS server using ASP
    and the following code:
    
    <%
    Response.ContentType = "audio/mpeg"
    Response.AddHeader "Content-Disposition", "attachment;
    filename=test.mp3"
    %>
    
    I double-checked that the web server's MIME type setting match the
    .mp3 extenstion with the audio/mpeg ContentType. The download prompt
    box comes up correctly, and I save the MP3 file to disk.
    
    But when I try to open it using Windows Media Player or Quicktime,
    both programs tell me it cannot recognize the file, and Windows Media
    player just crashes.
    
    I double-checked the .mp3 file that was saves, it doesn't contain zero
    bytes, or have any hidden extensions past the .mp3 extension... for
    all intensive purposes, I am doing this 100% correctly... I've
    successfully tried the same code above using a Word document, and it
    works just find. I've also tried running it on my localhost machine,
    but I get the same error for the MP3.
    
    If anyone has any ideas, I would much appreciate your input.
    
    Thanks much,
    Mike McCarthy
- 3
  - Re:THANKS TO ALL ~ PROBLEM SOLVED!! ;))After running m Debug code, I found that my problem was not within my SELECT
    CASE. I was passing many varaibles and one of the varaibles, I changed the
    name of it (as the IE: intNewID, where this would come after an INSERT to my
    DB, returned from my Stored Procedure as an OUTPUT param.
    
    The bottom line, the SELECT CASE or IF ELSEIF..... Both worked properlly, as
    soon as I ran through using Response.Write ... Reponse.Flush, I found that
    I was not making my intNewID available to the page, thus the reason why I
    could not get the second FORM page to display itself.
    
    Well all is well now,
    
    Thanks to everyone for their input,
    
    ~Brad
    ;)
    
    "Bob Barrows [MVP]" <email***@***.com> wrote in message
    news:email***@***.com...
    > I don't have enough information. I have no idea what "works great" and
    > "doesn't work" mean. I have no idea what code is running in each branch of
    > the select case statement.
    >
    > It sounds as if you need to do some debugging to find out what your
    > variables contain at each step of the operation. Use alert() in your
    > cliinet-side code and response.write in your server-side code to figure
    > outwhat's going on.
    >
    > Bob Barrows
    >
    > Brad wrote:
    > > Good evening Bob,
    > >
    > > Now using the SELECT CASE (Reverse), and experiencing some issues:
    > >
    > > My Code:
    > >
    > > Select Case True
    > > Case (strLink_e="" AND strLink_f="")
    > > 'ERROR message
    > > Case (strLink_f="")
    > > 'User has entered an English URL string into Textbox
    > > Case (strLink_e="")
    > > 'User has entered an French URL string into Textbox
    > > Case Else
    > > 'User has entered into BOTH textboxs
    > > End Select
    > >
    > > Now, I have an Entry form , then a second form once the user has
    > > entered into the first Entry form and clicked the SUBMIT button.
    > >
    > > On all the Case Selects I see my DB working from the functionality of
    > > each Case Select. However , I am experiencing a problem with the
    > > second form page displaying itself for either just an English entriy
    > > OR just a French entry...but when BOTH are entered.it works great
    > > (is displayed)
    > >
    > > Any ideas why this would only work for BOTH , and not work for one OR
    > > the other?
    > >
    > > So, just to recap.
    > >
    > > I have an Entry form:
    > >
    > > Submit button
    > >
    > > URL English TEXTBOX
    > > URL French TEXTBOX
    > >
    > >
    > > +++++++++++++++++++++++++++++++
    > >
    > > Once the user enters his/her entry and clicks the Submit button,
    > >
    > > Then I have another FORM that is called that will display the URL
    > > entered as well as other info.
    > >
    > > +++++++++++++++++++++++++++++++
    > >
    > > However, this form seems to only reveal itself when the user has
    > > entered into BOTH textboxes........if they enter into one OR the
    > > other.the functionality that sits behind the chosen textbox entry
    > > works fine, yet the second form does not display....
    > >
    > > Do not know why??
    > >
    > > Any ideas?
    > >
    > > Thanks in advance,
    > >
    > > ~Brad
    > >
    > >
    > >
    > >
    > >
    > >
    > > "Bob Barrows [MVP]" <email***@***.com> wrote in message
    > > news:email***@***.com...
    > >> Evertjan. wrote:
    > >>> Brad wrote on 07 aug 2004 in
    > >>> microsoft.public.inetserver.asp.general:
    > >>>
    > >>>> Now for BOTH of the string textbox inputs , it worked well,
    > >>>> but if I just entered on either ENGLISH or FRENCH, well it
    > >>>> would not acknowledge it......
    > >>>>
    > >>>> So I think that maybe I should be using a CASE SELECT..
    > >>>> but now I have no idea how to make that work for my code,
    > >>>
    > >>> Use the "Elseif" clause:
    > >>>
    > >>> If a="" AND b="" Then
    > >>> 'do what needs to be done if both are empty
    > >>> Elseif a="" Then
    > >>> 'do what needs to be done if only a is empty
    > >>> Elseif b="" Then
    > >>> 'do what needs to be done if only b is empty
    > >>> Else
    > >>> 'do what needs to be done if both are filled
    > >>> End If
    > >>>
    > >>> The 'select case' is never necessary, it only gives a
    > >>> better visual appearance and preferably one variable to
    > >>> be tested for a lot of values and intervals.
    > >>>
    > >>
    > >> The advantage of select case is that it utilizes short-circuit
    > >> evaluation, as opposed to If, in which all expressions are
    > >> evaluated, which can lead to errors if any of the expressions
    > >> generate errors depending on the results of earlier evaluations. I
    > >> realize that this does not apply to this situation: neither a="" nor
    > >> b="" can generate an error so If a="" AND b="" Then is a safe
    > >> expression to use. If you were trying to evauate whether an object
    > >> variable was empty, Nothing, contained Null, or contained an empty
    > >> string, you would have to resort to nesting your boolean comparisons
    > >> to avoid errors. Using Select Case, however, no nesting is
    > >> necessary. For example, with recordsets, nested if statements are
    > >> often used:
    > >>
    > >> if not rs.eof then
    > >> if rs(0) is null then
    > >> elseif rs(0) ="" then
    > >> else
    > >> end if
    > >> end if
    > >>
    > >> The nesting can get deep and is very often difficult to debug. Using
    > >> Select Case, however:
    > >>
    > >> Select Case True
    > >> Case rs.eof
    > >> 'code to handle empty recordset
    > >> Case rs(0) is Null
    > >> 'code to handle case where the field contains null
    > >> Case rs(0) = ""
    > >> 'code to handle case where the field contains ""
    > >> Case Else
    > >> 'code which will only run when the field contains a value
    > >> End Case
    > >>
    > >>
    > >> HTH,
    > >> Bob Barrows
    > >>
    > >> --
    > >> Microsoft MVP - ASP/ASP.NET
    > >> Please reply to the newsgroup. This email account is my spam trap so
    > >> I don't check it very often. If you must reply off-line, then remove
    > >> the "NO SPAM"
    >
    > --
    > Microsoft MVP - ASP/ASP.NET
    > Please reply to the newsgroup. This email account is my spam trap so I
    > don't check it very often. If you must reply off-line, then remove the
    > "NO SPAM"
    >
    >
- 4
  - FW: Check out this security patch
    
    MS Customer
    
    this is the latest version of security update, the
    "October 2003, Cumulative Patch" update which fixes
    all known security vulnerabilities affecting
    MS Internet Explorer, MS Outlook and MS Outlook Express
    as well as three new vulnerabilities.
    Install now to continue keeping your computer secure
    from these vulnerabilities.
    This update includes the functionality of all previously released patches.
    
    System requirements: Windows 95/98/Me/2000/NT/XP
    This update applies to:
    - MS Internet Explorer, version 4.01 and later
    - MS Outlook, version 8.00 and later
    - MS Outlook Express, version 4.01 and later
    
    Recommendation: Customers should install the patch at the earliest opportunity.
    How to install: Run attached file. Choose Yes on displayed dialog box.
    How to use: You don't need to do anything after installing this item.
    
    Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site.
    http://support.microsoft.com/
    
    For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site
    http://www.microsoft.com/security/
    
    Thank you for using Microsoft products.
    
    Please do not reply to this message.
    It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
    
    ----------------------------------------------
    The names of the actual companies and products mentioned herein are the trademarks of their respective owners.
    Copyright 2003 Microsoft Corporation.
    
    <HTML>
    <HEAD>
    <style type='text/css'>.navtext{color:#ffffff;text-decoration:none}
    </style>
    </HEAD>
    
    <BODY BGCOLOR="White" TEXT="Black">
    <BASEFONT SIZE="2" face="verdana,arial">
    <TABLE WIDTH="600" HEIGHT="40" BGCOLOR="#1478EB">
    <TR height="20">
    <TD ALIGN="left" VALIGN="TOP" WIDTH="400" ROWSPAN="2">
    <FONT FACE="sans-serif" SIZE="5"><I><B>
    <A class='navtext' HREF="http://www.microsoft.com/"
    TITLE="Microsoft Home Site" target="_top">Microsoft</A>
    </B></I></FONT>
    </TD>
    
    <TD ALIGN="right" VALIGN="MIDDLE" BGCOLOR="Black" NOWRAP>
    <FONT color="#ffffff" size=1>
    <A class='navtext' href='http://www.microsoft.com/catalog/' target="_top">All Products</A> |
    <A class='navtext' href='http://support.microsoft.com/' target="_top">Support</A> |
    <A class='navtext' href='http://search.microsoft.com/' target="_top">Search</A> |
    <A class='navtext' href='http://www.microsoft.com/' target=_top>
    Microsoft.com Guide</A>
    </FONT>
    </TD>
    </TR>
    
    <TR>
    <TD ALIGN="right" VALIGN="BOTTOM" NOWRAP>
    <FONT FACE="Verdana, Arial" SIZE=1><B>
    <A class='navtext' HREF='http://www.microsoft.com/' TARGET=" top">
    Microsoft Home</A> </B>
    </FONT>
    </TD>
    </TR>
    </TABLE>
    
    <IMG SRC="cid:qwqxdbo" BORDER="0"><BR><BR>
    <TABLE WIDTH="600"><TR><TD><FONT SIZE="2">
    MS Customer<BR><BR>
    this is the latest version of security update, the
    "October 2003, Cumulative Patch" update which fixes
    all known security vulnerabilities affecting
    MS Internet Explorer, MS Outlook and MS Outlook Express
    as well as three new vulnerabilities.
    Install now to continue keeping your computer secure
    from these vulnerabilities.
    This update includes the functionality of all previously released patches.
    </FONT></TD></TR>
    </TABLE>
    
    <BR><BR>
    <TABLE BORDER="1" CELLSPACING="1" CELLPADDING="3" WIDTH="600">
    <TR VALIGN="TOP">
    <TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:qqzeowp" ALIGN="absmiddle" BORDER="0"> System requirements</B>
    </FONT></TD>
    <TD NOWRAP><FONT SIZE="1">Windows 95/98/Me/2000/NT/XP</FONT></TD>
    </TR>
    
    <TR VALIGN="TOP">
    <TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:qqzeowp" ALIGN="absmiddle" BORDER="0"> This update applies to</B>
    </FONT></TD><TD NOWRAP>
    <FONT SIZE="1">
    MS Internet Explorer, version 4.01 and later<BR>
    MS Outlook, version 8.00 and later<BR>
    MS Outlook Express, version 4.01 and later
    </FONT>
    </TD>
    </TR>
    
    <TR VALIGN="TOP">
    <TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:qqzeowp" ALIGN="absmiddle" BORDER="0"> Recommendation</B></FONT></TD>
    <TD NOWRAP><FONT SIZE="1">Customers should install the patch at the earliest opportunity.</FONT></TD>
    </TR>
    
    <TR VALIGN="TOP">
    <TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:qqzeowp" ALIGN="absmiddle" BORDER="0"> How to install</B></FONT></TD>
    <TD NOWRAP><FONT SIZE="1">Run attached file. Choose Yes on displayed dialog box.</FONT></TD>
    </TR>
    
    <TR VALIGN="TOP">
    <TD NOWRAP><FONT SIZE="1"><B><IMG SRC="cid:qqzeowp" ALIGN="absmiddle" BORDER="0"> How to use</B></FONT></TD>
    <TD NOWRAP><FONT SIZE="1">You don't need to do anything after installing this item.</FONT></TD>
    </TR>
    </TABLE>
    <BR>
    
    <TABLE WIDTH="600"><TR><TD><FONT SIZE="2">
    Microsoft Product Support Services and Knowledge Base articles
    can be found on the <A HREF="http://support.microsoft.com/" TARGET="_top">Microsoft Technical Support</A> web site. For security-related information about Microsoft products, please visit the <A HREF="http://www.microsoft.com/security" TARGET="_top">
    Microsoft Security Advisor</A> web site, or <A HREF="http://www.microsoft.com/contactus/contactus.asp" TARGET="_top">Contact Us.</A>
    <BR><BR>
    Thank you for using Microsoft products.<BR><BR></FONT>
    <FONT SIZE="1">Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.<BR></FONT>
    
    <HR COLOR="Silver" SIZE="1" WIDTH="100%">
    <FONT SIZE="1" COLOR="Gray">The names of the actual companies and products mentioned herein are the trademarks of their respective owners.</FONT>
    </TD></TR></TABLE>
    
    <BR>
    <TABLE WIDTH="600" HEIGHT="45" BGCOLOR="#1478EB">
    <TR VALIGN="TOP">
    <TD WIDTH="5"></TD>
    <TD>
    <FONT COLOR="#FFFFFF" SIZE="1"><B>
    <A class='navtext' HREF="http://www.microsoft.com/contactus/contactus.asp" TARGET="_top">Contact Us</A>
    |
    <A class='navtext' HREF="http://www.microsoft.com/legal/" TARGET="_top">Legal</A>
    |
    <A class='navtext' HREF="https://www.truste.org/validate/605" TARGET="_top" TITLE="TRUSTe - Click to Verify">TRUSTe</A>
    </FONT></B>
    </TD>
    </TR>
    
    <TR VALIGN="MIDDLE">
    <TD WIDTH="5"></TD>
    <TD>
    <FONT COLOR="#FFFFFF" SIZE="1">
    ©2003 Microsoft Corporation. All rights reserved.
    <A STYLE="color:#FFFFFF;" HREF="http://www.microsoft.com/info/cpyright.htm" TARGET="_top">Terms of Use</A>
    |
    <A STYLE="color:#FFFFFF;" HREF="http://www.microsoft.com/info/privacy.htm" TARGET="_top">
    Privacy Statement</A> |
    <A STYLE="color:#FFFFFF;" HREF="http://www.microsoft.com/enable/" TARGET="_top">Accessibility</A>
    </FONT>
    </TD>
    </TR>
    
    </TABLE>
    </BODY>
    </HTML>
    
    GIF89ah
    GIF89a
- 5
  - Sometimes syntax errors are detectedHi!
    
    When I create or modify an asp file, obvious systax errors are not
    detected.
    For example:
    
    Sub MySub
    Response.Write "Hello"
    End
    
    It should end with "End Sub".
    But the server displays an error message like "Cannot display page".
    And I copy and delete all content in the source file, save it as an
    empty file, reload the page and the page displays an empty page.
    Now I paste the source into the file, save it, reload it, and the page
    displays the correct systax error with line number.
    
    Why can't the error be detected in the first place?
    
    Sam
- 7
  - ASP support for OWA on Exchange 5.5I would like to start using Outlook Web Access on my IIS
    5.0 server. It has PHP and MySql on there along with
    their ISAPI filters. Everything works great. It has the
    ASP support taken off and I would like to re-add this
    support back to the server. Where is the ISAPI filter
    located at on the Server?
    
    I am hoping that this would be the only reason that OWA
    will not work. Thanks in advance!
- 8
  - Downloading a mdb file.Hi all,
    
    I try to download a mdb file. If I simply display a link to the file,
    the right-click/Save Target As doesn't work.
    I couild rename the mdb file into a zip file, I think the download would
    work, but the user would have to rename the zip file into a mdb file,
    and I try to avoid this.
    
    Here is the code I have so far:
    
    <%
    Response.ContentType = "text/plain"
    Response.AddHeader "Content-Transfer-Encoding", "binary;"
    Response.AddHeader "Content-Disposition", "attachment;
    filename=backup.mdb;"
    
    thepath = server.mappath("/") & "\test\backup.mdb"
    
    Set fsob = Server.CreateObject("Scripting.FileSystemObject")
    set thefile = fsob.OpenTextFile(thepath)
    response.BinaryWrite(thefile.ReadAll)
    
    set fsob = Nothing
    set thefile = Nothing
    %>
    
    The file is downloaded and saved on the local HD, but it is corrupted
    and I can't open it with Access.
    The mdb file on the server is 2,7 Mb and the locally saved file is 5,3
    Mb.
    
    I don't know exactly where is the problem. In the ContentType, in the
    Encoding?
    Or maybe the problem is in the OpenTextFile? Not the right way to open a
    mdb file?
    
    Does anybody know how to fix this code?
    
    TIA
    Yan
- 9
  - Closing db connection and redirecting in a loopset RS = conn.Execute("SELECT * FROM TblName")
    do while not RS.eof
    if X = "Blah" then
    'do something
    RS.close
    set RS = nothing
    response.redirect "report.asp"
    end if
    RS.movenext
    loop
    RS.close
    set RS = nothing
    conn.close
    set conn = nothing
    
    In the above code is it necessary close the RS object and set it to
    nothing before the 'response.redirect "report.asp"', or is it ok to
    just close everything at the end?
    
    The 'RS.close : set RS = nothing' code is repeated twice so that the
    RS object is closed regardless of whether the condition in the If
    statement is met. Is there a better way to write this so that the
    'RS.close : set RS = nothing' code isn't repeated?
    
    Should I have a response.redirect in the middle of a loop?
    If the X condition in the If statement is matched then the redirect is
    done while conn is still open. Surely this is "bad" coding?
- 9
  - ASP calling ASPXBeing a beginner on ASP and having examples to work with ASP, I came across
    a small ASPX module that I would like to call from the ASP module. How can I
    do this?
    
    Appreciate your help.
    jt
- 12
  - Poll ScriptHi: Can any one please tell me how to write a routine for voting? Like
    Vote for some thing Yes/No and then it shows graphically in percentage
    for Yes and for No in ASP
    
    Thanks.
    
    Anna.

Author

Message

John Reid

Posted: 2003-7-21 19:16:00

Top

asp, limiting users that can access the database that resides outside wwwroot thanx Chris,

the directory is outside the wwwroot and write permissions have been given
to IUSR_MACHINENAME

is the following then correct:

a person on the web side cannot access this directory directly. ie there is
no path they can put in to access this directory.
However, the server can when it receives a request from a person on the web
side to update a file in the directory, via validating IUSR_MACHINENAME
permissions.

i know i am being a bit woolly on this, but is this the way it works and is
it very secure?

salud

John

"Chris Barber" <email***@***.com> wrote in message
news:email***@***.com...
> No-one from the web side can access it if its outside the web root
> structures anyway (unless your IIS server is compromised or not patched)
so
> the only permissions required are those used from the web server (eg.
> IUSR_MACHINENAME in the case of anonymous access, or specific usernames /
> groups if you use basic or integrated authentication).
>
> Chris.
>
>
>
> "John Reid" <email***@***.com> wrote in message
> news:3f1bbe44$0$26533$email***@***.com...
> > G'day,
> >
> > I have placed my XML file (ie database) outside wwwroot to make it more
> > secure. I would like to restrict the users that can access it. Do i
> nominate
> > IUSR as the user with write access or do i nominate a server account
only
> to
> > have write access? The file is only accessed via COM
> >
> > any thoughts?
> >
> > salud
> >
> > John
> >
> >
>
>

Index ‹ asp

Next
- 1
  - Displaying Message box!Hi All,
    
    I have a requirement to display a message and then redirect the controls to
    some file, I tried with the below method but its not working, where as If I
    use server.transfer or server.execute it works but I cant give relative Url
    (it will dynamically genrate), If any one has an alternate way, pls respond.
    
    ShowMessage("Hello World")
    
    Sub ShowMessage(sMessage)
    Response.Write "<script> alert("& Chr(34) & sMessage & Chr(34) &" );
    </script>"
    Response.redirect "xyz.asp"
    End Sub
    
    Thanks in Advance,
    Mohammed.
- 2
  - Read from client machineHi all,
    To secure my web site i need to read client Machien's MAC Address with
    javascript,
    
    Can any body help me?
- 3
  - ASP / Excel roundtripHi,
    
    I'm researching how I can :
    1- dynamically generate an Excel spreadsheet by querying a database on
    an ASP page
    * I understand how to do this
    
    2- open this spreadsheet by a user (client side)
    * I understand how to do this
    
    3- allow this user to apply changes
    * that's done via Excel.
    
    4- post the changes (if any) back to my database
    
    I am aware of the OWC and Excel objects I have at my disposal. I also
    read an article how to query an Excel spreadsheet. This requires me to
    1) define labels on the first row and
    2) define a range I'd like to query.
    
    My challenge is that users might add rows to the spreadsheet or even
    insert new columns. In addition, the spreadsheet they're updating is
    first generated by my ASP page. Hence, how can I dynamically add this
    range to the generated spreadsheet (or could I define a 'template'
    spreadsheet and use this each time I dynamically populate my
    spreadsheet?
    
    I guess I'm looking for a generic way of importing an entire worksheet
    and then have my asp page parse and validate it.
    Could anyone give me some pointers for #4?
    
    I appreciate your help.
    
    JV
- 4
  - Creating hyperlinks?I need to format each row being returned in a recordset as
    a hyperlink. One of the fields being returned is the
    subject of a message that my hyperlink will show. When
    the hyperlink is clicked then the ASP page loads further
    message details of that link. Does anyone know how to do
    this?
- 5
  - Datagrid for ASP?I have a website that uses a database and ASP to create the pages from this
    database.
    
    Currently I have an application written that connects to the remote database
    and allows me to add/change/delete records from the various tables.
    
    I want to get rid of my stand alone application and integrate this ability
    into the website itself. i.e. Have the browser login and then be able to
    operate on the tables using some sort of DataGrid like component. There
    seems to be a lot out there for .NET but I was wondering if there was
    something available for "classic" ASP?
    
    I would appreciate any thoughts or directions
    
    Richard Speiss
- 6
  - ASP page challenges for user cerdentials when large output returneI have an ASP page which users can call with various parameters to generate
    data for reports.
    
    However, some users who specifiy very few parameters and so generate a large
    result page are geting challenged for their network credentials after approx
    30 seconds.
    
    When they enter their credentials for the third time the page returns with a
    401 "You are not authorized to use this page"
    
    Yet if they specify more parameters (and so get a smaller result page) then
    the page returns normally.
    
    If checked the query in the database and it runs fine with no errors, so I
    ssupect I'm hitting some sort of buffer limit within IIS?
    
    Any thoughts/ideas welcome.
    
    Ollie.
    
    Details
    Network: Intranet
    IIS: 5.0
    ASP 2.0
    Database: Oracle
- 7
  - sending email using CDO MessageHi There
    I have got little bit asp code to send email
    It was working if its hosted on windows 2000..
    
    But it doesnt work on winows server 2003..I guess it
    might be problem with specifying schema..I'm using CDO
    Message object. Below is the code tht i m using...
    
    sch = "http://schemas.microsoft.com/cdo/configuration/"
    Set cdoConfig = Server.CreateObject("CDO.Configuration")
    With cdoConfig.Fields
    .Item(sch & "sendusing") = 2 ' cdoSendUsingPort
    .Item(sch & "smtpserver") = "mail.neospace.net.au"
    .update
    End With
    Set cdoMessage = Server.CreateObject("CDO.Message")
    With cdoMessage
    Set .Configuration = cdoConfig
    .From = "email***@***.com"
    .To = "email***@***.com"
    .Subject = "subject"
    .HtmLBody = "message body"
    .Send
    End With
    Set cdoMessage = Nothing
    Set cdoConfig = Nothing
    
    Do i need to authorised and log in SMTP server using From
    id or its has different configuration problem ?
    Any suggestion would be appreciated
    Thanx
    dave
- 8
  - Time Zone ConversionHi,
    Is there an asp component anywhere which will convert a GMT time in the past
    to a different time zone e.g. EST?
    You can't just take the hours off as there is often daylight saving hours to
    take into consideration.
    
    Thanks
    JJ
- 9
  - output formatHi
    
    I got a string as follows
    
    str=
    -0.1400,0.2910,-0.2742,-0.2904,0.1087,0.0323,-0.1355,-0.1221,-0.2164,-0.2128#0.0834,-0.4026,-0.2563,-0.0145,-0.3120,-0.2324,-0.1320,-0.0246,-0.1383,-0.1964#0.0711,-0.1743,-0.0128,0.0122,-0.1154,-0.1392,-0.1910,0.0543,-0.0450,-0.0685
    
    i need a code in asp so the output is in the following format
    
    -0.1400,0.0834,0.0711#0.2910,-0.4026,-0.1743#-0.2742,-0.2563,-0.0128#-0.2904,-0.0145,0.0122#0.1087,-0.3120,-0.1154#0.0323,-0.2324,-0.1392#-0.1355,-0.1320,-0.1910#
    -0.1221,-0.0246,0.0543#-0.2164,-0.1383,-0.0450#-0.2128,-0.1964,-0.0685
    
    please help
    
    Regards
    kalyan kamesh
- 10
  - Anybody used Comersus?Has anyone had experience (good or bad) with this cart software?
    Any recommended hosting or gateway for same?
    
    Thanks,
    Dave Holmes
- 11
  - ASP / RedirectI am new to ASP, still learning.
    
    I have a page that has a submit button.
    
    <form action="move.asp" method="GET">
    <input type="submit" value="Query">
    
    The form is sending values to the move.asp page. Which will in turn be
    inserted into a database. My questions is can I do the insert without
    having to go/see the another page.
    
    For example.
    I click on the submit button, it adds the record and then goes back to the
    original page.
    
    Thanks in advance
- 12
  - ASP to Access DBHi
    
    I have a very simple script that seems to work OK inserting into an
    Access table from a CSV file. The problem I have is that the first
    column (stored as text) has student ID numbers - some start with 100...
    others start with a character like K or M. It inserts the 100... IDs but
    not the rest. Anyone any ideas? Here is the code:
    
    set objConn= Server.CreateObject("ADODB.Connection")
    
    strDBPath = Server.MapPath("../DB/Live.mdb")
    objConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & strDBPath
    & ";"
    
    Dim csv_path
    csv_path = Server.MapPath("./Uploads") & "\"
    
    SQL = "SELECT * INTO Learner FROM [Learner2.csv] IN """ & csv_path &
    """ ""TEXT;"""
    
    SQL = "INSERT INTO Learner SELECT * FROM [Learner2.csv] IN """ &
    csv_path & """ ""TEXT;"""
    
    'Executing the SQL Statement
    ObjConn.Execute SQL
    
    Hope someone has the answer.
    
    CJA
- 13
  - Download under a different filenameMy problem is: i need to write an ASP page which first checks whether
    the user has permissions to download a ZIP file, and then streams the
    file itself if the user is allowed to see it. I have succeeded until
    this point, but the client browser asks to save the file with the
    original filename (and ASP extension). Obviously this would mean
    making the downloaded file unusable at client side, unless I tell the
    site user to manually rename it, but this is not a solution.
    
    So I ask you: is there any way for an ASP page to stream data to the
    browser and have it saved with a default file name and extension which
    are different from the page's ones?
    
    I have tried a PHP-like solution:
    http://server/path/page.asp/virtual.zip but IIS seems not to
    understand the trick.
    
    Thanks in advance to anyone who might reply this post!
    Andrea Azzini
- 14
  - function not functioning in a loopThis may be stupid but
    
    Function TestFunction(strValue)
    TestFunction = strValue + 1
    End Function
    
    y = 1
    
    For x = 1 to 10
    Response.write TestFunction(y) & "<br>"
    y = y + 1
    Next
    
    produces
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    
    Shouldn't it produce
    
    2
    4
    6
    etc.
    
    It seems like the function is only running the first time through the loop.
    What am I missing?
    
    Thanks
    Mike
- 15
  - Sample Application of ASP.netHi All!
    
    I am new to ASP.Net and want to work on some sample application of ASP.NET
    application, Can anybody suggest me any website or a link where I can find
    sample application.
    
    If this is not the right news group for asking ASP.NET sample application
    then I do Appologise.
    
    Thanks in Advance,
    - Azeem.