[thelist] .asp include page not previewing

Chris.Marsh at Callserve.com Chris.Marsh at Callserve.com
Thu Jan 20 14:39:12 CST 2005


> >> Active Server Pages, ASP 0126 (0x80004005)
> >> The include file '../SSI/footer.asp' was not found.
> >> /new site testing/Parents/Testing.asp, line 123
> >> 
> >> anyone see what I might be doing wrong?
> 
> >AFAIK, "virtual" is from the website root. Hence, you should use the 
> >path: "SSI/footer.asp".
> 
> And if that doesn't work, you know, you could just ahhh make sure the file
> is there... maybe ;-)

It doesn't matter whether the file is there or not. Unless you have
explicitly allowed upward directory traversal in file paths for server side
includes, the file won't be found.

As an aside, the MSDN library page I posted the link for specified that it
is recommended to use the "inc" suffix for server-side include files. I
would disagree with this from a security perspective. Bruce has (IMHO)
correctly used .asp, which means that should an attacker become aware of the
directory structure of the website and the names of any included files, the
files would not expose source code if browsed to.

Regards

Chris Marsh
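
An added example, not part of the original post: a small audit that scans an ASP page for `#include` directives and flags the two issues raised above, a `..` path while parent paths are not allowed, and an include whose extension is not handled by the ASP engine. The function name, the finding labels, the sample page and the assumption that only `.asp` is script-mapped are all constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Classic ASP include directive: <!-- #include file="x" --> or virtual="x"
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.IGNORECASE)

# Assumption: only these extensions are mapped to the ASP script engine.
# A file with any other suffix (e.g. .inc) would be returned as plain text
# if a client requested it directly, exposing its source.
SCRIPT_MAPPED = {".asp"}

def audit_includes(source, parent_paths_enabled=False):
    """Return (line_no, target, finding) tuples for one page's source."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for _kind, target in INCLUDE_RE.findall(line):
            path = PurePosixPath(target.replace("\\", "/"))
            # '..' only resolves if upward traversal was explicitly allowed
            if ".." in path.parts and not parent_paths_enabled:
                findings.append((line_no, target, "parent-path"))
            # include file that the server would not execute when browsed to
            if path.suffix.lower() not in SCRIPT_MAPPED:
                findings.append((line_no, target, "source-exposure"))
    return findings

# Constructed sample page (not from the thread, apart from the footer path)
SAMPLE_PAGE = '''<html><body>
<!-- #include file="SSI/header.inc" -->
<p>content</p>
<!-- #include virtual="/SSI/nav.asp" -->
<!-- #include virtual="../SSI/footer.asp" -->
</body></html>'''

if __name__ == "__main__":
    for line_no, target, finding in audit_includes(SAMPLE_PAGE):
        print(f"line {line_no}: {target}: {finding}")
```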
