Blog Entry: 3/25/2006 1:41:05 PM
I have no idea.. perhaps PM me info on how to log into your site and reproduce the issue., In a way your questions are confusing to me, but here is some information regardless.
Using Active Sever pages you can not protect entire folders. It is simply not possible. ASPProtect is Active Server Pages scripts so it can only protect individual ".asp" files.
If you are concerned about customers downloading the access database..
best practive is to store it in different folder name than it came in
best practive is to give the database .mdb file itself a different name
best practive is to change the password on the access database
best practice is to store it in a directory that is not part of your web if possible.. many of the better hosting companies have it set up so you actually can do that
the more of these things you can do the better..
And if you are really worried about security you should use a SQL Server database which nobody can download from your website under any conditions because your data lives in the sql server and unless they get the username/password to it they can not access it. cwilliams38306.6367708333,
You are NEVER supposed to move any files, especially that one. Of course that is going to break a lot of things.
Please put it back the way it was.
You change the path of the include file when you call it, never the location of the include file., SQL Server Database Information Mod
This mod is only for customers running SQL server. It is a new stored procedure and a new version of the "server_info.asp" file that will display information about your SQL database on the Server Info page.
Purchase Page
This is for Advanced SQL Users only that understand how to add a Stored Procedure to a SQL Database as well as assign permissions and what not.
To install this mod you should have access to SQL Enterprise Manager and Query Analyzer as well as be able to grant your SQL database user EXEC permissions on the new stored procedure. , I am not sure. I can tell you that I run windows 2003 server and I have never had any issues setting permissions for ASP.NET files and folders. This very server is 2003 and the ASPProtect.NET demo runs on this server as well.
Course, I can't say that I have specifically tried to remove ASP.NET READ permissions on the database folder as it's just not something I would not have a reason to do. Why are you trying to do that? The ASP.NET account needs that permission. If you are trying to stop file browsing and downloading in that folder that is not how you do that. The best way to do that is by keeping the database somewhere else on the server that is not part of the http web. , Ok time for some more questions!!!
Is there a way to make the person's email address their default username... or force it in somehow instead of allowing them to create their own? , You can't unless you plan on editiing and custimizing the code.
The application is only designed to have one kind of admin and that kind has full access to the admin area.
You can of course give any user access to stats for their banners via the bannerstats page.
That is how it works. There are no other levels of admin access.
, I do not have any programming knowledge and have what might be a simple question.
I am having a hard time getting my hosting company to modify the rights on the data folder. They state they support ASP and access databases however this is the response I got when I requested the modify permissions set for the internet guest account:
Were the rights changed on the data folder? No, we do not manage rights to folders.
My question to you is: Doesn't supporting asp require those permissions be set on the database folder or can asp (not just aspprotect) work without those rights modified?
Thanks , Just having the database with members does not protect the page. You need to add the appropriate code to every page you want to restrict access to.
You need to click on the Groups tab in Admin.
Click on Generate PW protection code.
Click on the basic button if you don't want to include levels or groups or choose a level or group(s) and click the appropriate button.
Paste the code that's generated into the top of an ASP page in code view.
Is that what you're looking for?
Michelle , Thanks for the information. We added the name manually instead of using the App_Name variable., I have seen that happen before though it usually just happens once and then after that it doesn;t show up. It's the asphttp component doing it. The ASPBanner system is not doing it. I would try using banner calling method such as the xml parser method. It's usually installed by default on 200 and 2003 servers. cwilliams38248.6400115741, Nobody ever asked me, so i guess npegley sorted it.
The solution is indeed a single line added to your button form code ..
eg :
<input type='hidden' name='return' value='http://www.your-return-url/here.asp'>
This will overwrite any settings you have in your paypal preferences.
I posted this reply for anyone stumbling on here with the same problem. Hope it helps. :)
Dave. , Could be a mod I guess - it would be nice to have an option on the admin settings page to lock down access of all pages and redirect to a specified "lockdown" page upon attempted login.
If I'm updating the large files on the server and someone attempts a download, they'll get a partial ZIP file or an error.
, Hello,
Yes, that is how it works. Unless you make modifications to the code there is no way to easily do what you are talking about.
If you design the site to be intelligent that scenario should never happen.
For example.. you should only be offering links to pages that the current logged in user has access to. You do this by checking the session variables and with simple if-else logic around your html links.
It requires some work but if you dont give them links to pages they dont have access to what you are talking about will not happen.
Here are some simple examples.
Here is an example using access levels.
<%
If Session("Access_Level") = "1" Then
' show links to pages that allow access level 1
End If
%>
And one for groups..
<%
If Instr(Session("Groups"),"*6*") or Instr(Session("Groups"),"*7*") Then
' show links to pages that allow groups 6 and 7
End If
%>
cwilliams38354.0786921296, okay thanks, Greetings:
I am doing the initial set-up and have run into a problem. Everything has gone smoothly up to and including pulling up the get_me_in.asp page. When I enter the "PasswordEncryptionKey", nothing happens. The page just sits there without doing anything and the browser says it's opening the page, but never does. I have tried entering the value with and without the double-quotes. The value is the correct one from the config_inc.asp file. I did a copy paste from the file twice to insure I transferred it correctly.
I am running Windows 2000 server.
What now?
Warren , Hi Chris:
Is there a way I can include the username and password in the URL of a protected page to gain access to a that page without going through the log-in page?
I'm not quite sure what the syntax would be in the URL.
Warren , Right, I've done that. My concern is that it will time out again while I'm trying to import the file.
The import/export manager does not show up under the users tab when I log in normally. I have to pull up the page in frontpage and then preview it a browser to get it to show. , IFRAME is just an client side html thing...
has nothing to do with .NET
will work with any page extension or server side technology
As you see from that compatibilty chart I posted a link to.
Nearly every modern browser supports it.
cwilliams38155.4462847222, As I'd said in my previous response, I found those databases and they didn't work. All three databases in asptest do work., I just got home from a lonnng trip.. I will try to answer this 1st thing in the morning.
CJW, Gotcha.
Can you set an expiration date on a subscription?
Thanks,
Jess , Hi,
Sorry, but if ".asp" pages download instead of run on a server then that means ASP is not working on the server and is not configured correctly. That is about as low level as it gets and it is really the hosting companie's responsibilty to sort that one out.
It is totally a system admininister's job to make sure that sort of thing is working. If this place supports ASP they really need to fix that for you. There really is nothing I can do for you until ".asp" pages at least run.
As for the Free install... that is no problem. Of course you need to get the hosting company to fix the web before I can be of any help. There is more to that problem then permissions.
For starters I would make a simple ".asp" page with hardly anything it (even some simple html text is fine) and ask them why it is downloading instead of executing and to please fix things. , Hi Chris,
Our company has a big dilemma on how to manage the database for accounts that are expiring/expired.
We saw the function to email a batch of users who are expiring soon but this doesn't help us to complete the renewal process.
Once the email is sent, what happens afterwards? how can we setup the system so that we can renew their expiry dates or accounts without too much hassle?
The system currently doesn't have any renewal functions or to allow batch changes on multiple accounts at the same time so we have to manually edit one account at a time. This is extremely tedious if we have over 1000 accounts to manage (and we will).
If you have anything to suggest on all this I would appreciate it :)
Thanks alot
Sylvain , Our webhost changed converted all sites from c: to d:, and without us doing anything else, our customers now get the following error message when trying to access our Classifieds site:
***********
Microsoft][ODBC Microsoft Access Driver] Not a valid password.
This means there is most likely a problem with the "ConnectionString" info that you specified.
If you are using a DSN-Less Connection with MSACCESS.
Check that the physical path to the database has been specified correctly.
It has to be perfect and correct. It cannot be specified using "http://" or by using "server.mappath".
It has to be specified like the following example.
ConnectionString = "DBQ=D:\Inetpub\wwwroot\advpass_pro\_database\passwords.mdb;Driver={Microsoft Access Driver (*.mdb)};UID=admin;PASSWORD=Xpass"
If this is running on an NT server or Win2000 Server make sure that permissions have been set on the database.
Only the server admins can do this. If you are not the admin you will have to ask for this to be done.
If you are using a System DSN
It is not set up correctly. Again, make sure the permissions have been set for the database and that the system DSN has been set up correctly by the server admins.
************************************************************ *********************
We did everything the web host asked us to do, that is, changed all references to the C drive to new references to the D drive, but the error is still there. We also never changed any passwords (as far as we can remember). Can someone please tell us where to look (also which file might tell us what the correct password is in case it has in fact been changed.
Scaramouche38306.4845833333, the reason being is because when I do installs I do not touch any of your existing content. I only install the base application and make sure everything in it working correctly and also that the example protected pages are working. I do not integrate it with your existing site or edit any of your existing web content. That is up to you
sorry about that, but it would be way too time consuming and editing people's existing pages is a good way to cause a lot of headaches for me and the customer if something goes wrong. Not only that but everyone uses the system differently and it wouldnt make sense for me to be the one doing that based on access levels, groups.. etc etc which will all be custom to how you want things set up.
more on installation policies here.
http://www.cjwsoft.com/installation_service.asp
, OK, thanks.
Nick , ok, that is what you are suppose to do... not having that path info set can cause all sorts of trouble., Hello,
for an admin..
you view albums for a user.. make a new album... then click manage pictures
for a regular user you log in.. go to user user area.. create an album..then click on manage your albums , thank you for such a quick response -- It sounds straight forward - so I should be all set. Thanks again., Hello- I am trying to install the ASPPROTECT product and tried to read all the docs but still am getting the following error:
[Microsoft][ODBC Microsoft Access Driver]General error Unable to open registry key 'Temporary (volatile) Jet DSN for process 0x1980 Thread 0x1458 DBC 0x223c374 Jet'.
I understand about the physical path for the DSN-less connection and followed the example given. I got in touch with tech support for the host of my site and the give me the following as a physical path:
c:\sites\Single20\laptv1\database
Some observations:
1.- The database directory is outside the root dir but I think I am accounting for it with the path
2.- The permissions are ok
Any ideas?
Thanks
FP
, Hi,
I really look forward to installing V7...
I would like to test V7 by copying my existing V6 to a NEW directory,
including the database with new connection, and using this duplicate to
do an upgrade for TESTING PURPOSES ONLY before commiting to upgrading
the main system.
Should this cause any problem?
Tx,
Leon
, Hi, Its just a generic error that really doesn't mean much of anything except that something wrong with your data connection.
http://support.cjwsoft.com/code/moreinfo27-1.htm
could be invalid permissions on the database folder... could be any number of things
when setting up your connection I suggest going dsn-less.
http://support.cjwsoft.com/code/moreinfo9-1.htm
It is better/faster and also a lot easier to set up. ,
Hello,
I want to create a user for my manager. This user should be able to see
all statistics (Reports) and all (Banners). But, he should not be able
to edit anything.
How can I create the type of user described above?
Best regards,
Mohammad Al-Mohsin
, I had some issues with passwords not working. I cleared them up by
going to the affected user and typing in the desired password manually
on the edit screen. Worked like a champ every time, and I haven't had
to do that for some time now.
, far as I can tell it does... that session abandon thing called in the logoff page should be enough to cover everything
once thing to be careful about
If you log in.. then log off... then go back to a page and do a refresh... you may in fact be reposting the username and password from before.. thus logging yourself right back in
Perhaps not.. all depends on what your doing... but it is something to be careful of when testing cwilliams38341.7390509259, ok
thanks
, Chris,
D'oh! How completely obvious! 
I got it now. (In Step 4, by the way, you need to click on the web site, not the directory. The directory has its own Properties menu, which is competely different than the Properties menu for the web site.)
Thanks for the fast response!
Robert
, 1st off.. you appear to have some strange things going on with that domain. Looks like you have a frameset and are loading another domain in it which is always confuding especially if you are running the site off your home computer or something... I am not sure
That aside..
If I go to
http://www.bones.myftpsite.net/rfamilystuff/default.asp
and click on the "familiy" category
then right click on a broken image.. look at properties
Your linking the image to your localhost
see
http://localhost/rfamilystuff/pictures/Pic_3_1_thumb.jpg
and that is wrong, just like I said above
Nobody running the site off any computer but your development machine is going to see those pictures because the url isnt valid for them
My guess is in the settings you have the "PictureURL" set to
http://localhost/rfamilystuff/pictures
when it should be
http://www.bones.myftpsite.net/rfamilystuff/pictures
Good luck with this.. I am going to the bar.
If you need more help I probably will not be available until Monday. cwilliams38394.7688773148, This is amazing. You replied to question within minutes. Thanks for showing such a professionalism.
,
Timecard Entry: 3/25/2006 1:41:05 PM
E-Mail, Herald Bldg Pics, marketing meeting with Tom McCall, Working on CostGuard integrations, Talking w/ Network Services to ensure Potsdam was OK. Informed her of ISDN move over and asked for quote. Went to Ken Mills., Resizing and uploading agent photos and logos for the Warren PA site, hcut, Lunch, Davidson rates & rebates, *energy initiatives html production, WWTI fixes, started work on adding work order numbers to work request system (internal, billable, programming), Programmed Chris Williams' Router. Downloading newest OS for Cisco routers of internal network., work on proposal for salmon Run Mall, Clayton chamber info for web site, Alex aby.com- have tim look at it,
Karen montrois-talk with her about presentation for web site, puttogetrher info for training for heirtage cheese, Contact Senator Jim Wright, about proposal, , working on association tables...., Checking and resetting modems at POPs in Syracuse, Watertown, and Clayton., BioTek - Fix Bug in VaxData, still getting killed.....busy as all hell...que is constantly full, when its not full i quickly snagged the voicemails, only to see the que come on while i was snagging them, kind of a perpetual loop, Otis Richardson (SIIE), travel to staples in watertown for Rob76360-76375 15 miles, training with Steve, setting up my "office" in Clayton, Admin - emails and organize, Spoke to Al Maloney, White's Lumber, Seaman about DSL possibilities- sent out mailers to them, teched calls
, Reading and responding to emails and voice mails, also reviewing and approving timecards, GiSCO 3 free months ads...print and email, Drop off Deferiet equipment, work on programming, email/voicemail, did some radlogs. helped a few users with modem problems, Lunch, mail, fed ex for Jason, emails for timecards, frig, went to the store for BBQ, spicers for wedding registry,
|
