Blog Entry: 3/25/2006 4:55:40 PM
"do you know a way around the BinaryRead problem with ASPProtect?"
Let me rephrase:
Do you know a way in which ASPProtect can be modified to get around the BinaryRead problem?
Thanks,
Michelle
, also.. every once in a while I get some nervous person concerned about security... and the pros and cons of having parent paths enabled.
etc etc etc
so let me add this bit of info..
I don’t know what your hosting company will say because it is an iffy topic and those that understand it have a hard time explaining it to someone who doesn't. Also usually the hosting company doesn't have a clue except they heard it was a security risk.
Here is the low down from someone that really understands it...
(well, at least I think I do)
The only real security risks are from YOU and possibly other people hosting on the same server if they have parent paths enabled that is.
Meaning your site visitors can't possibly do anything with it unless of course you let them upload and run their own asp files to the server.
Anyway.. if YOU run malicious asp scripts you could potentially attack other sites on the server and look at things you shouldn't. As could other sites on the same server do to you I suppose.
So, unless you plan on doing that or some other site admin on the server does it to you its not really a concern. Just an advantage in coding abilities.
If you attack someone elses site on the server or lurk where you shouldnt then you are probably violating your hosting agreement.
99% of the time everyone gets all nervous over nothing.. half the people nervous about this have sites nobody would ever want to hack anyway.
Many people with a really important/busy sites are going to have a dedicated server somewhere so the setting is not relevant..
The hosting companies of course have to warn you.
This setting was enabled by default for years on IIS4-IIS5. I never once heard one single real story about anyone attacking anything because of this setting. That doesn't mean it doesn't happen but I am just telling you what I know.
This is all my opinion so take it for what it is...
If you are a Hosting Company your better off turning it on at the customers request, giving them a warning about it, and in turn having happy customers.
The big hosting companies like Alentus and MaximumASP do it...
There are far worse things than this to let people do after all.
Beleive it or not I have actually been in servers where they gave the anonymous webserver acount modify permissions EVERYWHERE yet they disabled parent paths ???? cwilliams38391.6024189815,
Personally, I really wouldnt worry about. Personal Client virus software like that is not really meant to run on servers anyway. That software is meant for client machines, not web servers.
Any Server designed virus product will not incorporate script blocking features because servers often need to run scripts when dealing with ASP, PHP, CFM, etc etc
That article I link to has more on all of that.
Turning that off is nothing to worry about. I been running IIS servers for 8 years. , If I would like a link on my web page that will take someone to the login page (I would also like this page to contain forgot passord? and register) I am not entirely clear what file to link to to do this. Would it be check_user_inc.asp?
Thanks in advance?
cwilliams38456.0972106481, Then you should have current enough code.
If you PM me the encryption key you are using and the plain text password for this user I can see if I can reproduce the error and come up with a fix.
I believe you found one of the rare examples where the encryption creates a strange character that messes up things. Sometimes those characters are not even visable.
Changing the password should solve the problem in the meantime., Hi,
I have a question re ASP Protect, I have got it up and running on a dev server which also hosts a e-com engine (ASP / Access), when users check out they are presented with the e-com log in screen (which is sharing the same ASPP_User table). All's well and registration and editing user details is fine both in the Admin section and the front end of ASP and if I request an email reminder from the ecom scripts I get back the encrypted password.
I'm using <% = Session("Email") %> and <% = Session("Password") %> to populate the fields on the ecom log in page so users can click though and progress, the checkout process needs the username/password, all user info shows up ok, however, when I proceed with these credentials, it doesn't work, even though I know these to be correct and even without requesting a password reminder and using the one that gets me in everywhere else, I still can't get through? do I need some code re the crypto so the ecom can decode??
Any help would be great - I've been on it for about 10 hours, and checked through the posts here but can't fathom it out?
Thanks Craig , ITS WORKING
...I have earned a beer (dont tell anyone im underage)  , ok, glad it is working, actually I just went to it again and it was somewhat slow coming up this time..
perhaps you have some issues with the sql database.
it should be instant.. like this one I run on my server
http://banserver.powerasp.com/aspbanner/
I suppose it could also have something to do with sql server resources but its hard to say..
cwilliams38319.7859722222, well, you should probably be backing up the SQL database on a regular basis. That is between you and hosting company. If they let you connect via SQL Enterprise Manager you can do backups on your own.
As far as the aspprotect files and folders go back them up somewhere, and then only worry about backing them up again if you change some of the files.
That's really all there is to it. None of the ASPProtect files change on their own except the generated log files that you may or may not care about backing up.
I mean the important thing is the Database, and then of course any your own .asp pages that you protected as well as any custimizations you made to the users area or your site... , in Control_pic.asp is there way to wrap the description field so that it doesn't go outside the table.
Thanks , Christopher,
Thanks for the reply. I think I've found my problem, but can't test until later in the evening as it is on a live site.
Darrell , all that docmunetation is online as well right here so you dont really need the chm file
http://support.cjwsoft.com/code/info24.htm
the chm format is a windows format that can only be viewed on windows pcs. I do not know why you can not see it. I would do reseach on viewing CHM files on whatever operating system and version you are running because perhaps you are using a mac or linux operating system which can not natively view chm files ?
, 1) Does everything, i.e. every user, every category, every product, etc., get stored in just one single database, or are there multiple databases at work and are linked to one another? I am asking because there is only one table in the DB, and it is the "Users" table. So I am presuming that there must be other databases that are linked to the DB. Is this correct?
2) Are user-level security permissions utilized in the sample Access DB that is shipped with the software? I am asking because we cannot seem to remove the "temp" password no matter what we try, and this is the only reason I can think of. , Not sure how to response.write the session variable, Hi
ASPBanner is great...
I have a little problem I have a ASP site http://www.bythebeach.com.au/
I understand how Zones (location on a pages) works but i need only to display those banners that pertain only to that catorgries or sub catorgries.
How would i do that would .... Would i have to add a new field in the database...?
Any help would be greatly apprecaited
regards
Domenic
Sydney, Australia , How can i get to this to register someone in the database only after the Paypal payment has been accepted. I was testing it out to see if it makes it to my Paypal account (which it did just fine) then I closed Paypal before paying. I logged in as the administrator and looked at the member list and the account was created anyway. How can I stop this from being created until "only" after the Paypal payment has been "approved"?
What if this person never comes back to "try again"? Now the username he used (and is inactive) is not available for anyone else to use. And it takes up database space.
I am using the Paypal (non-subscription)
Thanks in advance,
scottyFlasher , how's it going ?, Our home page is not showing up gives this error:
Active Server Pages error 'ASP 0126'
Include file not found
/Default.asp, line 246
The include file 'elib/articles/home_feature1.asp' was not found. , ok
thanks
, The PayPal feature that is in ASPClassifieds has always been labeled as experimental and has never been supported as the documentation says. About a year ago I stopped even mentioning the feature on the product pages or in the live demo because I didn't like how it worked and I decided I would just market the application as a free based classifieds. It’s just not something I can support or talk about. To work really well it really needs to be coded to use PayPal IPN and a credit system. Where ads and various extra features cost so many credits and people have to buy credits before they can post any ads.
That’s about all I can tell you. It's just not something I support. , Great! Sounds good Chris. , You can also try setting asphttp's user agent property to some browser version like in this example. It might stop that info from showing up when it fetches a page from the server.
<%
Dim BanObj1Http
Set BanObj1Http = Server.CreateObject("AspHTTP.Conn")
BanObj1Http.UserAgent = "Mozilla Compatible (MS IE 3.01 WinNT)"
BanObj1Http.Url = " http://banserver.powerasp.com/aspbanner/aspbanner_inc.asp?Ba nnerZone=1"
Response.Write BanObj1Http.GetURL
set BanObj1Http = nothing
%>
Also... I dont know if these values below will work but I got them from looking at my nt logs.
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
And here is more info on the asphttp component and it's settings.
http://www.serverobjects.com/comp/asphttp3.htm cwilliams38248.6481365741, Where is the system getting the random user name and password, and why does it keep selecting the same user name and password every time?
, Dear Support Team
I have read and Installed your v8 banner software
exactly as explained on XP pro which contains other asp working app.
I have problems with the " Application " and " Session" in your scripts
things that make the iis fall dead.
also in the file asp _unlimited_config.asp
you have exlained that every thing must be kept without the "" marks.
well i get http 500 error cause of it.
Please advise
Thanks
Ran
, no, but in the standard version it probably will not run so great with more than 75 or so.
The unlimited version can handle pretty much whatever., Ok, for starters what is the real error ? Please read this.
http://support.cjwsoft.com/code/moreinfo11-1.htm
2nd I always recommend using CDOSYS before any other email component. All servers have it running by default and ASPProtect supports some a html editor if you use that component. I would give that a try as well. It's the best emailing option.
, the no concurrent login feature is based on IP addresses.. if you logged in again using the same IP address it would let you in regardless. So for example if you were behind a rhome router and logged in to a site on the internet it would nt matter if you had multiple computers at home because they would all have the same external IP address... etc etc
In other words it is tricky to correctly test..
I really need more detailed info on everything going on. I real world scenarios there are no issues with that feature that I know of. At least according to customers so far. , I've had an error I saw described here, couldn't figure out what it
was. My SQL statement was being cut off, though a bit differently
because it was created on multiple lines with the amper-underscore
string construction design; my statement had no UPDATE, only started
with the junk screen characters of the encrypted password.
So, from what you said above about the vbNullChar, Chris, it looks like
I've hit the same problem, maybe from an old version (downloaded March
22, 2005). Could I request a copy of the updated logic?
Thanks a lot.
, I checked with our web hosting company and CDOSYS is installed and properly registered on the Windows 2003 Server our site resides on.
How do I go about changing the ASPProtect code to use CDOSYS?
Please advise.
, I'm using Groups and would like to assign all new users to a particular group. How is this done? cwilliams38298.5087384259, Oh also, I tried to run the asp on my machine (win XP) and unless I'm missing something fairly obvious, I cannot get it to run correctly...when previewing it, I see all the code instead of what I should be seeing., I assume so you can clean up users that register, but then never pay ?, I have multiple zone banners displayed on a single page using the AspHTTP Component Method.
However, in IE 6.x and NS 7.x each banner has some text displayed before it similar to:
HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Fri, 17 Sep 2004 07:15:12 GMT MicrosoftOfficeWebServer: 5.0_Pub Connection: Keep-Alive Content-Length: 229 Content-Type: text/html Set-Cookie: ASPSESSIONIDAASSDQBA=HAICCGCANEBEPANCDHLHJJGC; path=/ Cache-control: private
This text does not appear when using Netscape 4.x cwilliams38325.741099537, I have been working on this. 2Checkout is like the most confusing and worst payment processing company on the planet. There are things about that page I just don not understand as many times as I read through it.
Doesn't seem like this stuff is mandatory just yet. (I asked)
I should have something soon. , Hello Chris:
Let me run some more test if it's working on your end it should be on mine? I have made some custom updates to the code but no in that area.
Thanks,
-Ricardo
, Message :
I purchased the V8 of the software yesterday. It is running on a 2000 Server with a MSSQL database. It is installed and I get the successful connection to database screen but when I click to enter the admin. console I continually get:
"Connection string not saved in (data/config/aspbanner_unlimited_config.asp) file.
Most likey the data folder does not have proper permissions set on it.
That folder and all of the folders within it need (R,W,X,D) Permissions set for the anonymous webserver account.
These permissions can generally only be set by your hosting company."
I can save the string manually by hitting the button and I have checked that I have granted the proper access permissions. Any suggestions?
Ken, Suprising I started this tread off on ASPImage, but I resolved my issue and forgot to change the thread topic. I will try your suggestion.
, Well, you cant have a login box on the home page when using ASPProtect.NET.. there is no way to make that work. I tried all day to come up with something and it is not going to happen. I suggest you make a login button and link it directly to the protected page you want them to start on. The redirect or link them whereever from there. Either that or write your own forms based authentication solution that works exactly the way you want it to or edit the code accordingly since you have the source. It is not a feature we advertise for the product regardless. It works the way it works. , The problem was that I did not have
ConnectionString = "Driver={Microsoft Access Driver (*.mdb)}.... in the connection string.
Thank You.
,
Timecard Entry: 3/25/2006 4:55:40 PM
read and sent emails, got the green light from BA on Randy's circuit., Mikeco- changes to web site- changes given to Tom- Mike will send picture to upload to site quote 1 to 3 hours, helping ben get visio installed on his computer, and showed him the program a little, Upload new PDF files for bhcp.com, saved pics off of digital camera for Lisa to send to Johnson Log Homes, billing calls, Rather difficult set-up., Determined correct RAM for PC (spoke to Ron Dillon), called company, then ordered memory online, Weekly mtg. at CREG Systems, HB deposit, paid bill, Answered phones, was pretty busy, I only got to check out one of the users on my callbacks., teched phone calls had some trouble with ziplink dns numbers and that was about it, email, voicemail, green heron inn, ncconsulting, internet solutions, Finished up the rest of my lunch even though I stayed logged on. Just to make it 8 hours, fixing a failed alarmed DSP card on the TCH for 2360 and teaching Beth how to do it at the same time., sched & stuff, tech calls, Lunch, Automate EQL for SWMF, Dropped a couple of things off at business fair, installed some software on a couple of the tech machines., voice mails logins phones., AAA Phone Call, Drive to Clayton Office (no miles), lots of billing issues today. Sign ups, reactivations from Fort Drum., Telcordia Access and Local Service Seminar in Boston, Team meeting, Began list of Press Release People, Prep for BOCES presentation, A couple calls coming in, worked a little on my email to Ron.,
|
