VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VP-ASP Shopping Cart Customer Forum

Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 VPCart Forum
 VP-ASP 6.00 Questions
 Database location for security
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

newbycartuser
Starting Member

32 Posts

Posted - December 22 2005 :  00:52:18  Show Profile  Reply with Quote
I have my database in a secure location, but when I go to enter the location in the shop$config.asp I get an error message that / and ../ are not allowed.

So, my question is, how can I secure the folder if I can't put the path to it? The directory is on the server and doesn't have a real url, but it is at ../and then the area name and possibly another name.

I have tried everything, and htaccess denies all access, so that's not an option either.

HELP!!!!

support
Administrator

4266 Posts

Posted - December 22 2005 :  04:14:55  Show Profile  Visit support's Homepage  Reply with Quote
If your host disallows these characters then you would need to access your database using a DSN. You would need to talk to them about having a DSN created.

If you cannot use .. but can use \ then you can specify the physical path of the database.

Regards,

VPASP Support
Go to Top of Page

newbycartuser
Starting Member

32 Posts

Posted - December 22 2005 :  10:30:27  Show Profile  Reply with Quote
ok, this time it worked. But now, I am getting an error:

ADODB.Recordset error '800a0e7d'
The connection cannot be used to perform this operation. It is either closed or invalid in this context.
/shopshippingcalc.asp, line 150


What files do I have to change to get the database location right and the scripts to load properly?
Go to Top of Page

support
Administrator

4266 Posts

Posted - December 22 2005 :  13:47:41  Show Profile  Visit support's Homepage  Reply with Quote
You need to make sure your database folder has read/write permissions applied in NTFS and the Read permissions removed in IIS.

Your web host can configure this.

Thank you
VPASP Support
Go to Top of Page

newbycartuser
Starting Member

32 Posts

Posted - December 23 2005 :  01:25:29  Show Profile  Reply with Quote
Thank you....... worked like a charm....... my isp changed things for me and even offered to pay for the test order!

They are also giving me access to their security certificate so that I can do my admin securely.

I am so glad I made this choice..... and I am sure my customers will too.

I am a happy camper!

Merry Christmas...... and I hope you get the snow we don't need!
Go to Top of Page

pedro
Starting Member

6 Posts

Posted - April 25 2008 :  04:19:41  Show Profile  Reply with Quote

I have tried to set the physical path in shop$config.asp for the database setting and I am getting an error that I must use a virtual path not a physical path.

Its this a hosting error or a vpasp error ?

I also cannot use ".." characters

Any help would be appreciated
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - April 25 2008 :  05:01:08  Show Profile  Visit devshb's Homepage  Reply with Quote
It's not really an error as such, it's an option (ie you can get around it by using literal paths instead of relative paths)

There are 2 solutions:
1) Get your host to allow relative paths
or
2) Use literal/absolute path instead in the shop$config.asp option

I'd personally go for option 1 if possible, ie contact the host and ask if they can "enable parent paths"

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons
Go to Top of Page

pedro
Starting Member

6 Posts

Posted - April 25 2008 :  05:12:00  Show Profile  Reply with Quote
The physical path of d:\webspace\sitename\databasedir
wont work as it generates this error

Server.MapPath() error 'ASP 0172 : 80004005'
Invalid Path

/shop/diag_dbtest.asp, line 602

The Path parameter for the MapPath method must be a virtual path. A physical path was used.


So what I am wondering is this fixed somehow in vpasp or is it something I need my host to look at

Thanks for the quick reply
Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - April 25 2008 :  05:55:59  Show Profile  Visit devshb's Homepage  Reply with Quote
try using a dblocation like:

"/databasedir"

instead of a full physical path (ie not relative, but not full absolute either)

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons
Go to Top of Page

pedro
Starting Member

6 Posts

Posted - April 25 2008 :  06:12:54  Show Profile  Reply with Quote
Thats doesnt work because the database is above the website root directory

/database tries to load wwwroot/database


I can certainly load it from within the wwwroot dir but its not secure then.

Go to Top of Page

devshb
Senior Member

United Kingdom
1898 Posts

Posted - April 25 2008 :  06:30:32  Show Profile  Visit devshb's Homepage  Reply with Quote
if the slash at the front of the virtual path points to a browsable www area, and physical paths aren't allowed, and neither are parent paths allowed, then I can't see how you can make it secure; I reckon it's a hosting problem; I'd ask the host to enable parent paths and then use a dblocation like:

"../database"

or....

use a full physical path and change this line in shop$db.asp and the diag file:

strconn = "provider=microsoft.jet.oledb.4.0;persist security info=false;data source=" & Server.MapPath(database)

to something like:

strconn = "provider=microsoft.jet.oledb.4.0;persist security info=false;data source=" & database

or....

try using "DRIVE" as the database type in shop$config.asp

Simon Barnaby
Developer
[email protected]
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons

Edited by - devshb on April 25 2008 06:33:23
Go to Top of Page

pedro
Starting Member

6 Posts

Posted - April 25 2008 :  06:43:00  Show Profile  Reply with Quote
The "Drive" option did the job

Thank you very much ... I have been doing battle with this for a few hours.

Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000