
global.asa horrors ?

  • Thanos Chatziathanassiou
    Message 1 of 4 , May 3, 2002
      I had a nifty idea the other day: "what if I request the global.asa
      directly through http ?". Well, it kind of turned out exactly as I had
      hoped it wouldn't: apache returned the global.asa in plaintext.
      Now, that's all ok, but my global.asa contained the database password
      DBI used to access my db.

      Since this isn't obvious for the casual user, I propose that the
      following be included in httpd.conf:

      <Files global.asa>
      Order deny,allow
      Deny from all
      </Files>

      just to be on the safe side...

      Thanos Chatziathanassiou



      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    • Sven Kohler
      Message 2 of 4 , May 3, 2002
        you should perhaps set Apache::ASP to also execute .asa files like .asp
        files

        ----- Original Message -----
        From: "Thanos Chatziathanassiou" <tchatzi@...>
        To: <asp@...>
        Sent: Friday, May 03, 2002 2:19 PM
        Subject: global.asa horrors ?


        > I had a nifty idea the other day: "what if I request the global.asa
        > directly through http ?". Well, it kind of turned out exactly as I had
        > hoped it wouldn't: apache returned the global.asa in plaintext.
        > Now, that's all ok, but my global.asa contained the database password
        > DBI used to access my db.
        >
        > Since this isn't obvious for the casual user, I propose that the
        > following be included in httpd.conf:
        >
        > <Files global.asa>
        > Order deny,allow
        > Deny from all
        > </Files>
        >
        > just to be on the safe side...
        >
        > Thanos Chatziathanassiou
      • Joshua Chamas
        Message 3 of 4 , May 3, 2002
          Thanos Chatziathanassiou wrote:
          >
          > I had a nifty idea the other day: "what if I request the global.asa
          > directly through http ?". Well, it kind of turned out exactly as I had
          > hoped it wouldn't: apache returned the global.asa in plaintext.
          > Now, that's all ok, but my global.asa contained the database password
          > DBI used to access my db.
          >
          > Since this isn't obvious for the casual user, I propose that the
          > following be included in httpd.conf:
          >
          > <Files global.asa>
          > Order deny,allow
          > Deny from all
          > </Files>
          >

          Good point. I don't do this with the examples though because
          I actually want people to see the global.asa there. This tip
          would be a good candidate for the would be style guide.

          Another option users have is to locate the global.asa to
          some other directory that is not www browsable:

          PerlSetVar Global /cannot/browse/this/path

          --Josh

          _________________________________________________________________
          Joshua Chamas Chamas Enterprises Inc.
          NodeWorks Founder Huntington Beach, CA USA
          http://www.nodeworks.com 1-714-625-4051

        • Ellers
          Message 4 of 4 , May 3, 2002
            >> Since this isn't obvious for the casual user, I propose that the
            >> following be included in httpd.conf:
            >>
            >> <Files global.asa>
            >> Order deny,allow
            >> Deny from all
            >> </Files>
            >>
            > ...
            > Another option users have is to locate the global.asa to
            > some other directory that is not www browsable:
            >
            > PerlSetVar Global /cannot/browse/this/path

            FWIW we always put the global.asa outside of the html tree. The
            purpose of the global.asa file is not to be exposed to the httpd
            server, so it doesn't belong there unless it's intentionally being
            exposed, as with Joshua's examples.

            Ellers
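
The two mitigations from this thread (the `<Files global.asa>` deny block and `PerlSetVar Global` pointing outside the web tree) can be checked mechanically. The following is an added example, not code from the thread or from Apache::ASP; the sample configuration, paths and function names are constructed for illustration. It assumes a single httpd.conf text and does not follow `Include`, `.htaccess` or `Alias`.

```python
import posixpath
import re

# Constructed sample: Apache::ASP handling .asp files, nothing protecting global.asa.
WEAK = ('DocumentRoot "/var/www/html"\n'
        '<Files ~ "\\.asp$">\n  SetHandler perl-script\n'
        '  PerlHandler Apache::ASP\n</Files>\n')
# The block proposed in the thread.
DENY_BLOCK = "<Files global.asa>\nOrder deny,allow\nDeny from all\n</Files>\n"

FILES_RE = re.compile(r'<Files\s+"?global\.asa"?\s*>(.*?)</Files>', re.I | re.S)
# "Require all denied" is the Apache 2.4 spelling of the same rule.
DENY_RE = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)

def directive(conf, name_re):
    """Last value given for a one-argument directive, or None."""
    value = None
    for line in conf.splitlines():
        m = re.match(name_re + r'\s+"?([^"\s]+)"?\s*$', line.strip(), re.I)
        if m:
            value = m.group(1)
    return value

def audit_global_asa(conf):
    # Drop comment lines so a commented-out mitigation is not counted.
    conf = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    docroot = directive(conf, r"DocumentRoot")
    global_dir = directive(conf, r"PerlSetVar\s+Global")
    denied = any(DENY_RE.search(body) for body in FILES_RE.findall(conf))
    if global_dir is None or docroot is None or not global_dir.startswith("/"):
        inside = True  # unset or relative: assume it sits beside the scripts
    else:
        root = posixpath.normpath(docroot).rstrip("/") + "/"
        inside = (posixpath.normpath(global_dir) + "/").startswith(root)
    return {"inside_docroot": inside, "denied": denied, "exposed": inside and not denied}

if __name__ == "__main__":
    for label, conf in [("no mitigation", WEAK), ("Files deny", WEAK + DENY_BLOCK),
                        ("Global moved", WEAK + "PerlSetVar Global /cannot/browse/this/path\n")]:
        print(label, audit_global_asa(conf))
```

A result of `exposed: True` means neither mitigation was found in the text given; it does not prove the file is reachable, since other configuration scopes are not examined.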
