Loading ...
Sorry, an error occurred while loading the content.

global.asa and security

Expand Messages
  • D. L. Fox
    From the Apache::ASP documentation: Default for Global is the directory the script is in (e.g. . ), but should be set to some directory not under the www
    Message 1 of 1 , Sep 6, 2003
    • 0 Attachment
      From the Apache::ASP documentation:

      "Default for Global is the directory the script is in (e.g. '.'), but should
      be set to some directory not under the www server document root, for
      security reasons, on a production site."

      According to $Server->Config(), my site host has Global set to /tmp, which
      is fine as far as what the above states. It does not appear to be
      accessible via the web. However, in another section, the documentation also
      states:

      "Make sure Global is set to where your web applications global.asa is if you
      have one!"

      I thought perhaps I could redefine Global specifically for my site using
      .htaccess. However, I have noticed I am not allowed to create any
      files/directories outside my www root in which to place the global.asa file.

      Should I not use a global.asa file, since I can only place it under my www
      root?


      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    Your message has been successfully submitted and would be delivered to recipients shortly.