Loading ...
Sorry, an error occurred while loading the content.

Re: global.asa horrors ?

Expand Messages
  • Joshua Chamas
    ... Good point. I don t do this with the examples though because I actually want people to see the global.asa there. This tip would be a good candidate for
    Message 1 of 4 , May 3 9:06 AM
    • 0 Attachment
      Thanos Chatziathanassiou wrote:
      >
      > I had a nifty idea the other day: "what if I request the global.asa
      > directly through http ?". Well, it kind of turned out exactly as I had
      > hoped it wouldn't: apache returned the global.asa in plaintext.
      > Now, that's all ok, but my global.asa contained the database password
      > DBI used to access my db.
      >
      > Since this isn't obvious for the casual user, I propose that the
      > following be included in httpd.conf:
      >
      > <Files global.asa>
      > Order deny,allow
      > Deny from all
      > </Files>
      >

      Good point. I don't do this with the examples though because
      I actually want people to see the global.asa there. This tip
      would be a good candidate for the would be style guide.

      Another option users have is to locate the global.asa to
      some other directory that is not www browsable:

      PerlSetVar Global /cannot/browse/this/path

      --Josh

      _________________________________________________________________
      Joshua Chamas Chamas Enterprises Inc.
      NodeWorks Founder Huntington Beach, CA USA
      http://www.nodeworks.com 1-714-625-4051

      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    • Ellers
      ... FWIW we always put the global.asa outside of the html tree. The purpose of the global.asa file is not to be exposed to the httpd server, so it doesn t
      Message 2 of 4 , May 3 6:15 PM
      • 0 Attachment
        >
        > > Since this isn't obvious for the casual user, I propose that the
        >> following be included in httpd.conf:
        >>
        >> <Files global.asa>
        >> Order deny,allow
        >> Deny from all
        >> </Files>
        >>
        >...
        >Another option users have is to locate the global.asa to
        >some other directory that is not www browsable:
        >
        > PerlSetVar Global /cannot/browse/this/path

        FWIW we always put the global.asa outside of the html tree. The
        purpose of the global.asa file is not to be exposed to the httpd
        server, so it doesn't belong there unless its intentionally being
        exposed, as with Joshua's examples

        Ellers

        ---------------------------------------------------------------------
        To unsubscribe, e-mail: asp-unsubscribe@...
        For additional commands, e-mail: asp-help@...
      Your message has been successfully submitted and would be delivered to recipients shortly.