image\cslogo3d1.gif

Configuring File System Access

You might want to enable access by an ASP application to a directory in the file system that is not contained in the ASP application root directory or its subdirectories. In order to configure this type of access, you must edit the EnableParentPaths setting in the Chili!Soft ASP configuration file, casp.cnfg, as described in "Editing the Chili!Soft Configuration File" in this chapter. However, be aware that doing this can affect the security of your server, as explained later in this topic.

By default, EnableParentPaths is set to No. When EnableParentPaths is set to No, a FileSystemObject instantiated by an ASP application is limited to that application’s defined directory. In this case, #include statements cannot use the "../" syntax to access files outside the ASP application root directory. This is the most secure setting, and is appropriate for most shared Web hosting environments.

When EnableParentPaths is set to Yes, the FileSystemObject can access files outside the ASP application directory. In this scenario, ASP developers can use the "../" syntax in #include statements to access any file outside of the Web directory that the ASP Server has file system permission to read.

Warning! Important Security Information

Changing EnableParentPaths to Yes can affect the security of your server. Before you change this setting, make sure that your ASP Server has permission to access only the files you want to be publicly accessible, and that it does not have access to sensitive files containing configuration or password information. You can restrict the permissions of the ASP Server by defining the user it runs under, and making sure that user has appropriately restricted file-system permissions. For more information, see the next topic, "Setting the Security Mode."

See also:

Defining ASP Applications on the Server in this chapter

Using Server-side Includes in "Chapter 4: Building a Chili!Soft ASP Application"

Copyright 2001 Sun Microsystems, Inc. All rights reserved. Legal Notice.