| Author |
 Topic  |
|
|
newbycartuser
Starting Member
32 Posts |
 Posted - December 22 2005 : 00:52:18
|
I have my database in a secure location, but when I go to enter the location in the shop$config.asp I get an error message that / and ../ are not allowed.
So, my question is, how can I secure the folder if I can't put the path to it? The directory is on the server and doesn't have a real url, but it is at ../and then the area name and possibly another name.
I have tried everything, and htaccess denies all access, so that's not an option either.
HELP!!!! |
|
|
support
Administrator
4679 Posts |
Posted - December 22 2005 : 04:14:55
|
If your host disallows these characters then you would need to access your database using a DSN. You would need to talk to them about having a DSN created.
If you cannot use .. but can use \ then you can specify the physical path of the database.
Regards,
VPASP Support |
 |
|
|
newbycartuser
Starting Member
32 Posts |
Posted - December 22 2005 : 10:30:27
|
ok, this time it worked. But now, I am getting an error:
ADODB.Recordset error '800a0e7d'
The connection cannot be used to perform this operation. It is either closed or invalid in this context.
/shopshippingcalc.asp, line 150
What files do I have to change to get the database location right and the scripts to load properly? |
|
|
|
support
Administrator
4679 Posts |
Posted - December 22 2005 : 13:47:41
|
You need to make sure your database folder has read/write permissions applied in NTFS and the Read permissions removed in IIS.
Your web host can configure this.
Thank you
VPASP Support |
|
|
|
newbycartuser
Starting Member
32 Posts |
Posted - December 23 2005 : 01:25:29
|
 Thank you....... worked like a charm....... my isp changed things for me and even offered to pay for the test order!
They are also giving me access to their security certificate so that I can do my admin securely.
I am so glad I made this choice..... and I am sure my customers will too.
 I am a happy camper!
Merry Christmas...... and I hope you get the snow we don't need! |
|
|
|
pedro
Starting Member
6 Posts |
Posted - April 25 2008 : 04:19:41
|
I have tried to set the physical path in shop$config.asp for the database setting and I am getting an error that I must use a virtual path not a physical path.
Its this a hosting error or a vpasp error ?
I also cannot use ".." characters
Any help would be appreciated |
|
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - April 25 2008 : 05:01:08
|
It's not really an error as such, it's an option (ie you can get around it by using literal paths instead of relative paths)
There are 2 solutions:
1) Get your host to allow relative paths
or
2) Use literal/absolute path instead in the shop$config.asp option
I'd personally go for option 1 if possible, ie contact the host and ask if they can "enable parent paths"
Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons |
|
|
|
pedro
Starting Member
6 Posts |
Posted - April 25 2008 : 05:12:00
|
The physical path of d:\webspace\sitename\databasedir
wont work as it generates this error
Server.MapPath() error 'ASP 0172 : 80004005'
Invalid Path
/shop/diag_dbtest.asp, line 602
The Path parameter for the MapPath method must be a virtual path. A physical path was used.
So what I am wondering is this fixed somehow in vpasp or is it something I need my host to look at
Thanks for the quick reply
|
|
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - April 25 2008 : 05:55:59
|
try using a dblocation like:
"/databasedir"
instead of a full physical path (ie not relative, but not full absolute either)
Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons |
|
|
|
pedro
Starting Member
6 Posts |
Posted - April 25 2008 : 06:12:54
|
Thats doesnt work because the database is above the website root directory
/database tries to load wwwroot/database
I can certainly load it from within the wwwroot dir but its not secure then.
|
|
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - April 25 2008 : 06:30:32
|
if the slash at the front of the virtual path points to a browsable www area, and physical paths aren't allowed, and neither are parent paths allowed, then I can't see how you can make it secure; I reckon it's a hosting problem; I'd ask the host to enable parent paths and then use a dblocation like:
"../database"
or....
use a full physical path and change this line in shop$db.asp and the diag file:
strconn = "provider=microsoft.jet.oledb.4.0;persist security info=false;data source=" & Server.MapPath(database)
to something like:
strconn = "provider=microsoft.jet.oledb.4.0;persist security info=false;data source=" & database
or....
try using "DRIVE" as the database type in shop$config.asp
Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons |
Edited by - devshb on April 25 2008 06:33:23 |
|
|
|
pedro
Starting Member
6 Posts |
Posted - April 25 2008 : 06:43:00
|
The "Drive" option did the job
Thank you very much ... I have been doing battle with this for a few hours.
|
|
|
| |
Topic |
|
All Forums
Database location for security
New Topic
Printer Friendly
TrustGuard - PCI Security Scanner
