Server Side Include Files (".inc" or ".asp")
In addition to the PowerASP site, I also run a software company called
CJWSoft. As long as I can remember I have named server side include
files with the ".asp" extension instead of ".inc" in the applications
I sell. Over the years a lot of customers have
asked me why I do this. Well, this little article explains why.
Let's say I am including a file that contains the database connection
string in all the pages of my application.
Should I name it "dataconn.inc" or something like "dataconn_inc.asp"?
The answer is that you should avoid giving an include file a ".inc" extension,
because if someone manages to find the location of that file and requests it
directly in a browser, the server returns it as plain text and they can see all
of its source. If you name the file with a ".asp" extension and it is requested
directly, the IIS server will try to process it as an ".asp" file, and none of
its source code will be shown to the end user.
Now, that being said... I have noticed, now that I run Windows Server 2003
and IIS 6, that the ".inc" extension will no longer display as text when run
directly from a browser. It gives a "page
cannot be found" error. Try clicking on
this: dataconn.inc.
I really don't think I did anything special to make it do that, and it is not
because the folder I have it in has an underscore, so I assume
it is a new security feature of IIS 6.
Another thing to note is that if you run
your own server, you also have the option of mapping the ".inc" extension to
asp.dll. It appears, though, that there may be no need to do that with IIS 6.
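
An added example, not part of the original article or of CJWSoft's code: a Python audit that reads the #include directives in a site's ".asp" pages and lists every included file whose extension is not handled by the ASP engine. The sample site (apart from the two dataconn file names used above), the function names and the script_exts parameter are constructed for illustration.

```python
import os
import re
import tempfile
# Matches classic ASP directives: <!--#include file="x" --> or virtual="/x"
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.IGNORECASE)

def find_exposed_includes(web_root, script_exts=(".asp",)):
    """Return web-root-relative paths of included files whose extension is not
    script-mapped, i.e. files a direct request could return as plain text."""
    web_root = os.path.abspath(web_root)
    exposed = set()
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in script_exts:
                continue  # only script-mapped pages are parsed for directives
            page = os.path.join(dirpath, name)
            with open(page, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for kind, target in INCLUDE_RE.findall(text):
                target = target.replace("\\", "/")
                # file= is relative to the including page, virtual= to the site root
                base = web_root if kind.lower() == "virtual" else dirpath
                full = os.path.normpath(os.path.join(base, target.lstrip("/")))
                if os.path.splitext(full)[1].lower() not in script_exts:
                    exposed.add(os.path.relpath(full, web_root).replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_site(root):
    """Constructed sample site (not real data): one page per include style."""
    pages = {
        "default.asp": '<!--#include file="includes/dataconn.inc"-->\n<% Response.Write "hi" %>',
        "admin/users.asp": '<!-- #INCLUDE VIRTUAL="/includes/dataconn_inc.asp" -->',
        "admin/report.asp": '<!--#include file="../includes/header.inc" -->',
        "includes/dataconn.inc": '<% connStr = "Provider=...;Password=CONSTRUCTED" %>',
        "includes/dataconn_inc.asp": '<% connStr = "Provider=...;Password=CONSTRUCTED" %>',
        "includes/header.inc": "<h1>Site</h1>",
    }
    for rel, body in pages.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print("\n".join(find_exposed_includes(site)))
```

Passing script_exts=(".asp", ".inc") models a server where the ".inc" extension has been mapped to asp.dll, in which case the sample site reports nothing.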