Blog Entry: 3/25/2006 1:46:59 PM
also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ???? cwilliams38391.6024189815, Yes worked fine
thanks ,
ok.. glad it is doing it's thing, How do I change the character length for the description field? , Well, you cant have a login box on the home page when using ASPProtect.NET.. there is no way to make that work. I tried all day to come up with something and it is not going to happen. I suggest you make a login button and link it directly to the protected page you want them to start on. The redirect or link them whereever from there. Either that or write your own forms based authentication solution that works exactly the way you want it to or edit the code accordingly since you have the source. It is not a feature we advertise for the product regardless. It works the way it works. , ummm.. ok.. Then this doesnt make sense. On two out of the three machines I have in house here, the images do not show up. They only show up on the server machine. I am using the constant url on all three machines. www.rfamilystuff.com Does it show up on your?
, We want to insert a hyperlink i the mesage area when we e-mail users from the Password Admin area. Is ther an easy way to insert the hyperlink so when the user gets the e-mail, they can just click on it and go the the page we want them to?
Thanks,
Andy cwilliams38456.0983101852, Where is the system getting the random user name and password, and why does it keep selecting the same user name and password every time?
, Yep, thats my thinking as well.
On the test server I have the site connected to a SQL 2000 db with the sa account, so it should have full control. But still no luck.
However, on the test server, I connected to the Access 2002 db and it works fine..adding user, adding categories, adding albums.
Weird  , Oh big deal !!... John mentioned some site and you feel like you proved some sort of point. Aren't you special ?
Look, I am telling for the 3rd time you can't do what you are talking about with ASPProtect.NET. Are you braindead cause I really am beginning to think you are and I for one am done trying to be somewhat nice to you ??????
I am also willing to bet you had no idea what viewstate even was until I mentioned it and then you probably went and read up about it so quit trying to pretend like you know what is going on! If you knew what was going on you would not be asking more questions about ASPProtect.NET than any customer in the history of selling the application.
As a matter of fact you should send me like 400.00 just for all my time you have taken up because you are totally frigin clueless !!!!!
I should have cut you off the instant you offered me illegal software from p2p right in a forum post., do you have "use picture uploading" checked in the settings ?
that is important..
have proper permissions been set on the picture folder ?
are the paths set correctly for the picture folder ?, I didn't know about it. I will try to check it out some more this week.
, Hello -
Believe it or not I finally can access the photogallery. You were right Chris regarding the unzipping of the files.
Now onto the next challenge! I have set up three categories and proceeded to create a test album. I uploaded a couple of pictures (yeah that worked!!!) but the album does not show up on the default.asp page under the category.
Please advise -
Rhona (rookie)  , Hi all
I logged in myself to my website, and I tried to log in to another with same username and password. But I was able to log in again.
It was supposed to block me from logging in, but it let me to log in.
there has got to be some configurations I must have missed.
Could you instruct me on this Concurrrent login so mine works as well...
thanks
, Humm, Did you make any changes to the code ?
Solid Black is not the default so it must have changed at least once.
Otherwise it might be some sort of application variable problem.
I would make sure the web is and "application" in the IIS console.
, UPDATE... on very very busy sites these methods have been reported to fail once in a while.. meaning .NET gets overloaded and instead of a banner its shows some error code.
its not the banner system .. its the .net engine and the calling method cwilliams38326.8618865741, Hello,
What is the difference between the paypal_sub_signup and the paypal_signup directories? Also, I know it depends, but what directories and files can I delete from my web server if I am not using them? I copied the entire set of files that came with the program over to the webserver and I am concerned that there is too much out there.
Jess cwilliams38446.6304050926, I have been working on this. 2Checkout is like the most confusing and worst payment processing company on the planet. There are things about that page I just don not understand as many times as I read through it.
Doesn't seem like this stuff is mandatory just yet. (I asked)
I should have something soon. , one more problem I see...
I think your login box on the main page is missing the hidden form variable
http://support.cjwsoft.com/code/moreinfo169-1.htm, Your going to have a lot of problems and a lot of the code will have to be re-written.
There are a lot of things in the the code that the MYSQL database system does not support or has issues with . I know because I once made a version of ASPBanner work with MYSQL and it took weeks of work to get it stable.
Null field types can cause problems... but mostly ADO updates which I don't think MYSQL supports at all. All of the ADO stuff would have have to be rewritten.. etc etc
That's probably why you cant get much of the code to write to the database.
Here is a generic example.
An update to an existing record using ADO
http://www.powerasp.com/content/database/ado_update.asp
And update to an existing record using an update query.
http://www.powerasp.com/content/database/using_update.asp
All through the the code the ADO updates would have to converted to update queries which means a lot of work.
I used ADO a lot because I like it and it is little easier to validate data before it is written to the database.
It is also a little easier for customers to understand when they look at the code.
Anyway....
The app just was not designed to work with MYSQL.
It was specifically designed to work with MSSQL and MSACCESS only.
This holds true for all of our applications.
Your running off an IIS 5 Server so I would suggest just using MSACCESS as the database. The Photo Gallery app will run very well using MSACCESS. , 1st off, what application is this in reference too?
This question should be under that application's area in the forum.
2nd, really need more information and details. There are many ways and methods to send emails and they can all effect what gets delivered and what does not. All on an email server side of things. (I always recommend using the CDOSYS option using SMTP authentication with a real external email that has valid MX records) see my article...
http://www.powerasp.com/content/new/sending_email_cdosys.asp
3rd, your not telling me how many users we are talking about. ASP is not a very efficient way to send emails and extremely large amounts of users should be sent emails in a different way then from an asp application. It is just the nature of the technology being used. Some of different emailing methods the application supports may or may not give you better results. It is really best to experiment though honestly the option I mentioned above is always the best in my experience.
4th, if you are not getting a timeout or a scripting error than the ASP part of things is making it through the amount of users. You have to remember that often time emails that get sent out from web sites end up in junk filters for whatever reason. That is just another fact and why it it is usually best to send out serious newletters using a stand alone application like WorldCast or something.
I am doing a lot of guessing here because you really did not tell me much. I also still am not sure what application this is in reference to as 3 of my apps have newsletter features of sorts. , Banners no longer show up on my site ?
If banners were working fine and now they are just not showing up.
1st check to see that you are calling a valid zone with live banners in it.
If you are then most likely this it what hapened.
The web server must have crashed or lost power and now the application variables are in limbo/not working.
I have seen this happen a few times.
Basically the application variable system gets messed up because it was not shut down properly.
The way to cure it is as follows.
Edit and save a banner in the system. Hopefully that gets things going again.
If this happens a lot it is a server issue, not ASPBanner's fault. cwilliams38415.0978935185, This post unfortutely needs to be here because this application has been the biggest pain in the neck for me you could possibly imagine. This is not because of problems with the application, but because of people's general lack of knowlegde regarding ASP.NET. This post totally voices my stance on what sort of knowledge you need to have and also the fact that I am not going to support anything but general installation on a correctly and professionaly set up live server.
ASPProtect.NET is a great application but using ASP.NET requires a lot more basic knowledge than using classic ASP and there are a lot of basic low level ASP.NET things that need to be set up correctly for an application like ASPProtect.NET to run. These are things I do not cover because you should know the ASP.NET basics when using an application as complex as this. It's just that I don't have time to nor should I have to teach people the basics of ASP.NET. I don't charge nearly enough for ASPProtect.NET to offer that kind of support.
So, I will say it one more time. ASPProtect.NET is targeted towards experienced Visual Studio.NET developers that know how to work with Code Behind VB.NET and are familiar with basic ASP concepts such as IIS application settings, the .NET framework, the aspnet_client folder, and the basics of the web.config file. If you are using ASP.NET for whatever reason you need to know about these things. The best way is to get some good books and do set up ASP.NET on a local development machine so you can start learning.
If you are one of the ASP.NET challenged let me say this as well.
Stick with Classic ASP. ASP.NET is a step in the wrong direction for the average user which I like to refer to as "Joe Coder". Classic ASP is very powerful and easy to pick up. ASP.NET is not easy to pick up and never will be for a lot of people. In my opinion it’s actually the wrong technology to use for anyone other than big corporations who need extreme scalability in their applications or for the hobbyist or object oriented programmer who just wants to use the latest and greatest. Ask yourself if you really want to deal with compiling Code Behind code each time you make changes to your web site as opposed to just editing some files in notepad real quick like you can do with classic ASP ? Do you have the money to purchase and use Visual Studio.NET or are you going to struggle with compiling all your ASP.NET pages using a command line compiler and a batch file ? Yes, you can build ASP.NET code that isn't code behind but why even bother if that is the case because your missing the point of ASP.NET if you do that and missing out on a lot of powerful new features and concepts.
When I do custom projects for bigger clients I usually end up using ASP.NET because they want to go that way and understand the time and money involved. When I do any of my own projects I use Classic ASP because the truth is you can still make some rockin busy scalable web sites with Classic ASP just like you can still make great web sites with CGI, PP, Cold Fusion.. etc etc. Look around the web because a lot of the biggest sites out there still use those scripting technologies and their stuff runs very well. ASP.NET is a lot of hype and although some things about it are plain awesome it is an environment best suited for real object oriented programmers, not the weekend code warriors.
The other thing to keep in mind about classic ASP is the shear abundance of applications and scripts available for it. ASP.NET can be expensive for that reason alone as there still is a shortage of good time tested applications out there and what is out there is always priced a lot higher.
In addition to that half of the ASP.NET applications out there are just half baked poorly converted versions of their Classic ASP counterparts. Is that the kind of thing you want to sink twice the money into or would you rather have something that runs well and has been tweaked year after year into a rock solid product?
To make things worse a lot of the hosting companies out there offering ASP.NET hosting are severely limiting the basic abilities of ASP.NET because of various security concerns. This means if you go with a Host that does that 75% of the asp.net stuff out there won't run on the hosted server. Isn't that wonderful ?
Now, Let's make things even worse. So far every time Microsoft has released a new version of ASP.NET a lot of things from the previous version have stopped working and needed to be modified to work correctly. Is that really something you will have the time, resources, and energy to deal with.
You may ask "but is classic ASP going to be around 5 years from now?" Though you never really know until the new version of windows server ships I say "Hell Yes" it will be. According to my sources at Port80 Software who work very closely with the folks at Microsoft (as well as many other sources out there) it will almost certainly be in Longhorn which is the next version of Windows Server. Longhorn probably won't come out until 2007 and will be popular for 3-4 years after that. The version of windows server after that will most likely support Classic ASP as well and if it doesn't I am sure there will be a way to make ASP run on it. If you really look around a lot of hosting companies are still running Windows Server 2000 which is 5 years old at the moment. The bottom line is Classic ASP helped put Microsoft web technologies on the map. Microsoft can not simply drop it because if they do they give up a dominate market share to the scripting competition being PHP, CGI, Cold Fusion.. etc etc PHP for instance a huge installed base on many platforms which are essentially free. ASP.NET can not compete with that in any way and not supporting Classic ASP would put microsoft in a bad position.
Take it from me. If you are a weekend code warrior/script kiddie. You'll be a lot happier sticking with classic ASP. You will also have save a lot of money and you can still have great web sites. There are tons of great applications out there in ASP and ASP still is and always will be the easiest scripting language to work with and learn. Better yet look around on sites like www.4guysfromrolla.com and see if you actually understand any of the latest articles. If it looks like Greek to you that is yet another sign that you should stick to classic ASP.
Personally, I will be focusing just as much time and effort on ASP.NET as I will on Classic ASP in the years to come for a few reasons.
- Because I sell software I obviously need to convert/re-write most of my appIications to work with ASP.NET. My living may eventually depend on it.
- Because I love using the latest technologies I want to continue to develop using ASP.NET.
- Because I do many custom projects for various clients using ASP.NET is a must.
- Because in some cases using ASP.NET over classic ASP makes total sense.
Just don't fall for the HYPE folks. I am one of the few established developers out there that has a set of Balls and is willing to put the truth out there and see past the bullsh*t. If you go ASP.NET do it because you seriosuly think you need the power and scalabilty and money and time is not an issue or because you are a hobbiest and object oriented programmer who likes working with and has time to work with the latest and greatest web scripting technolgies out there. I truly believe that so far ASP.NET is as much a success as it is a failure. I am sure some of you out there know what I mean by that.
All this being said you should also realize that ASPProtect.NET is a little different than your average ASP.NET application because it uses a lot of advanced ASP.NET techniques and you essentially use it to password protect your existing scripts meaning you need to integrate your stuff with our stuff in a sense. If you just go buy some random ASP.NET application like a classifieds system or storefront it is probably just going to run on it's own an therefore will be a lot easier to set up and deal with.
Here are some links you folks should read as well.
http://rtfm.atrax.co.uk/infinitemonkeys/articles/asp/905.asp
http://www.itnewsgroups.net/group/microsoft.public.inetserve r.asp.general/topic2074.aspx
http://support.microsoft.com/default.aspx?scid=fh;%5Bln%5D;L ifeWin
Chris Willians
http://www.cjwsoft.com/about.asp , That would not happen unless you added a target to the login form or you're code had a base target set.
Like so..
<base target="_blank">
I would really need more detailed information. It's nothing the system does the way it ships under normal circumstances. For example you shouldn't see that behavior in any of the example protected ".asp" pages
that is unless you have something odd going on with your browser settings or you made changes to the login form or code around it causing it. (or you are using frames and dont have some of the targets and what not set correctly)
My guess is that it has to be something you added or did, but I really need to know more to offer more than that.
cwilliams38419.7687152778, Regarding (ASP Photo Gallery Pro)
If you are looking to import a very, very, large number of images, the upload feature might not be sufficient for you. I have done some work using a unix terminal to be able to upload as many images as I would like by simply placing the images in the directory and renaming the images. There are other ways to rename the images, but I am very familiar with Linux, so I chose to do it this way. If you are running Linux, MacOS, or another Linux-based OS, you can simply pull up a terminal and run the following command in the appropriate directory. If you run Windows, I'd suggest CygWin, which creates a Linuxenvironment (Linux shell). It can be found at www.cygwin.com In order to be recognized by the ASP software, the images must be in the format of pic_"Album Number"_"Picture Number".jpg . Therefore, the following code is run to accomplish the file name change (on one line without wordwrap):
ls -1 DSC* |
sed 's/DSCN//g'
sed 's/.JPG//g' |
awk '{print "mv DSCN"$1".JPG pic_9_"$1".jpg"}'
This command will change all files beginning in "DSCN" to "pic_9_*Picture Number*".
This does have a slight problem however. If there is a large number of pictures, 0's become a problem. For example, if there are 200 pictures, picture 1 will show up as pic_9_001.jpg. This can be fixed by the following command, which will eliminate unneccesary 0's (All on one line once more):
ls -1 --color='never' pic_9_0*
|sed 's/_0/_/g'
|sed 's/pic_9_//g'
|sed 's/.jpg//g'
|awk '{print "mv pic_9_0"$1".JPG pic_9_"$1".JPG"}'
This command eliminates 1 zero. It should be run as many times as needed to eliminate all zero's.
Please Note: These commands will only show the resultant set (The list of picture names). In order to execute them, they must be output to a shell script using the ">" character as follows:
ls -1 DSC* |
sed 's/DSCN//g'
sed 's/.JPG//g' |
awk '{print "mv DSCN"$1".JPG pic_9_"$1".jpg"}' > temp.sh
Then, the shell script must be run using the following command:
sh temp.sh
This might take a few moments, depending on the amount of picture names that are being changed.
IMPORTANT: BACK UP all files before changing file names. Also, view the resultant sets to make sure it's what you want before outputting to a shell script.
If you have any questions, please feel free to post or e-mail me @ JPortnoy@checkernet.com cwilliams38210.5703009259, I just upgraded from 6.0 to 7.0 primarily because we were limited in the choices of email systems we could use to send an email validation message.
Previously, with 6.0, we were using CDONTS to send an email validation message to new registrants. Unfortunately, AOL email addressee's were not receiving the vaildation email from us. I received a reply to another post I made on this forum that the problem was due to the fact that aCDONTS generated email has no MX record and AOL blocks non-MX record containing emails.
Well, I upgraded to 7.0, switched to CDOSYS (Using SMTP Virtual Server) with SMTP Authentication and it appears that AOL is still blocking the validation email.
Any suggestions, comments?
, In addition to that I just noticed the </href> you have in there.. man that is some scary stuff you came up with.. that may appear to work and make a link but it is not correct. Each link will work but never truly be closed.
That is just not valid proper use of the anchor tag.
You make a link in html like so
<a href = "somepage.htm">somepage.htm</a>
http://www.w3schools.com/tags/tag_a.asp
Then your surrounding each link with <span lang="en-us"> </span>
Not sure why ? , OK. If no return page is set, do they end up on a PayPal confirmation page and have to navigate back to my site by going Back or typing the web address?
Nick , as I look at your installation more I notice that you are using MSSQl as the database type.
chances are that is the source of these problems. Fields in the sql database are most likely not all set correctly
it is very important that the sql tables and fields are set up exactly as described and that the sql script we provide runs without error
http://support.cjwsoft.com/code/moreinfo160-1.htm
if you create the sql database other than the way we tell you to or the sql script doesn't do its job setting all the field types/constraints/primary keys/etc..... for some reason .. then weird things like this can happen
at this time this is my best guess as to what is going on
I would examing the sql script we provide and compare the information set in it for each field and table to your existing SQL database to see if everything got set correctly.. I would start by checking these fields 1st of all as they are very important.... (username,password,expiration_date,admin,active)
in the meantime testing the ASPProtect system with an Access database will prove that all the ASP code is working as it is supposed to if you are interested in doing that ,
Hello,
I want to create a user for my manager. This user should be able to see
all statistics (Reports) and all (Banners). But, he should not be able
to edit anything.
How can I create the type of user described above?
Best regards,
Mohammad Al-Mohsin
, no, there is not not.
If you wanted to to that you would have to add some code to check their album count in the database and not allow them to make a new album if they were at the limit. cwilliams38433.0233680556, that information is actually not helpful in determining whether parent paths is enabled or not.
You should really ask your hosting company or better yet try doing a server side include to page one directory up and see if you get an error.
example
<!--#include file = "../myfile.asp"-->
cwilliams38302.6484259259, Hi,
I am using the upload_post_VBSCRIPT.asp to upload the pictures. My concern is the security of this. For instance I've seen some sites get hacked by a user uploading a file (going through the same process) and ending up crashing the entire server.
I tried adding .jpeg to the end of a text file (filename.vbs.jpeg) and then uploading it, and the file was actually uploaded. Is this a potential problem?
Thanks
S eeye38447.0388541667, That bit about zones makes perfect sense and seems surpassingly simple for me to integrate due to our categories and page contents being based on the same if/then functionality.
Regarding the user, I guess you mean that I could simply recreate a limited admin interface for users based on the interface you have included for me, is that correct? I realize how subjective the question is, but do you think that this would be a bad idea?
I'm leaning toward your software here. I have a budget that could easily cover a variety of programs, but the UI for advertisers at banmanpro, for example, seems far too complicated for my users. Also, banmanpro doesn't have supporting compatible softare I am interested in, such as your classifieds software.
I guess I am trying to buy a good shell from which I can do my own customization and coding, and into which I can integrate future additions such as your classified ads. Does this seem like the right place to be?
Thanks much for your time! , Thank you! I thought that is what had to be done, just didn't want to miss out on a short cut if there was one. Thanks again, I swapped a few emails with CJW regarding support for ASPMail.
This application works with this software. I host my site with a
private hosting company named 'Intermedia.net' and this is what I had
to do to make this application work.
1 - Change email settings to 'SASMTPMail' installed
2 - Find all instances of the following code:
If ASPMail_Installed = true then
&nbs p; Set Mailer =
Server.CreateObject("SMTPsvg.Mailer")
Else
&nbs p; Set Mailer =
Server.CreateObject("SoftArtisans.SMTPMail")
End If
Change this code to simply:
Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
3 - that was about it. The files that I needed to change are:
/users/email_password.asp
/users/add_new_account.asp
/gallery_admin/approve_album.asp
/email_friend.asp
I believe that's all i needed to change. Any questions I'd be
happy to try to help out. [CJW -- for some reason i needed a
restart on the server, it's all good now
http://www.iphotosite.com/galleryapp/default.asp. I'll be putting
in a redirect for that location/domain later today.
Kurt Tietjen
, Okay, I'm going nuts trying to find that settings screen.
I've got a dedicated server that I connect to using "Remote Desktop
Connection" so it looks like a regular Windows desktop. It's running
Windows Server 2003.
There's a program called "IIS Manager" but I've looked at all the
options for all the different sections and I don't find anything that
looks even remotely like that screen. And, of course, Windows
Help is no help at all.
What program do I run to get to that configuration screen?
Thanks,
Robert Gidley
, Hallo,
Can I change the number of the access levels?
I want to have about 20 levels...
, well, I just tried a password using "abcdefghi" and like you said it did not work
I am looking into that.
Also, it seems I had the SQL scripts creating the "Old Password" field just in case someone needed it and I forgot about that. , New question...
When someone edits their personal information, such as address, is there any way to set it so that someone in the office can receive an e-mail noting the changes?
Thanks. ,
Timecard Entry: 3/25/2006 1:46:59 PM
more billing, By far the slowest night yet. Wow, a lot of happy customers out there or they are simply not home due to holiday. Read a lot from Linda's books and kept eye on all monitors., lunch, Completed ''Bookshelf Manager'' for sunandshield.com. Added new, edit, and delete commands. Features to turn book listings and pictures on and off., more Passport training, Posted acct s and did a detail of checks and cash for bank deposit. Customer inquiries, ans phone, cc authorizations and coupon referrals. Customer traffic in the office today., read and sent emails, Met with Mc Donalds guy about the coupon booklets, Resetting all open modems. Fixing 8300 (Ringing)., lunch with Matt, batching and answering phone, lunch, went and had a sub, mm mm tasty, put reports on intranet site , Manning NOC. Resetting open modems. Watching network. Setting up domains., daily reports, worked on updating timecard system with Steve, email, voicemail, proposal and issues for samaritan, major phone calls, voicemail and call backs, setup new domain for ti golf club, several domain mods, conference call with remington museum, meeting next week, CNY Boat museum confirmed proposal, meet with next week, lunch, It was more like we got a bite to eat when we could., travel to watertown, 322 miles, tech calls, alternating w/techcalls and voicemail, Extracting closed info from Niagara system., Phone w/Don G., Cleaning up the SoftMLS DB and updating reports. Getting the feeling that someone else is going to be using them in the near future and I want to make sure they're in order before they're handed off. , worked on work request system (internal, billable), emails/voicemails, drove to redwood to take pictures for Johnson Log Homes site, total trip 50 miles, Update timecards, payroll once again and sent emails about who still has timecards out there somewhere,
|
