When using something like this,
<!--#include file="Loader.asp"-->
can it be use in an html file or just in another asp file. Loader.asp contains a class inside.
Printable View
When using something like this,
<!--#include file="Loader.asp"-->
can it be use in an html file or just in another asp file. Loader.asp contains a class inside.
both, if the server allows it.
You can use anything, as the file extension doesn't actually mean much.
Yes, but don't put things like passwords and login information in anything other than .asp files to be included. (i.e. don't use dbconn.inc) The reason is that if a hacker were to guess the name of the include file and it is not .asp, they can type in a url direct to the include file and see it's source. That is, unless it is an .asp file. Then the source is protected.
Here's an article about includes,
http://www.4guysfromrolla.com/webtech/080199-1.shtml
True - this applies to any "script" file extension, not just .asp - and theorically you could block *.inc files from being requested - a paranoid web admin would block all extensions except a handful of approved ones (.asp, .html, .xml, .gif, .jpg, etc).Quote:
Originally posted by monte96
Yes, but don't put things like passwords and login information in anything other than .asp files to be included. (i.e. don't use dbconn.inc) The reason is that if a hacker were to guess the name of the include file and it is not .asp, they can type in a url direct to the include file and see it's source. That is, unless it is an .asp file. Then the source is protected.
Are you sure? I have the following content saved in a file called Main.asp. I ran it, it displayed the results. But when I changed Main.asp to Main.html, it shows a blank web page.Quote:
Originally posted by JoshT
You can use anything, as the file extension doesn't actually mean much.
Code:<!--#include file="ASP Class Example 2.asp"-->
<%
'Create an instance of your Class
Dim Class_Instance
Set Class_Instance = New Your_First_Class
'Now you can access Public Variables of your Class
Class_Instance.External_Number = 5
'Lets get the External_Number back out of the Class
Response.Write "External_Number=" & Class_Instance.External_Number & "<br>"
'Lets access one of the Classes Subs (Public Only)
Class_Instance.Add_One
Response.Write "Add_One --> External_Number=" & Class_Instance.External_Number & "<br>"
'Lets access one of the Classes Functions (Public ONLY)
Response.Write "Add_Five --> External_Number=" & Class_Instance.Add_Five & "<br>"
%>
View the source...
When the file is named Main.asp and I viewed the source, I got this.
External_Number=5<br>Add_One --> External_Number=6<br>Add_Five --> External_Number=11<br>
When the file is named Main.html and I viewed the source, I got this.
<!--#include file="ASP Class Example 2.asp"-->
<%
'Create an instance of your Class
Dim Class_Instance
Set Class_Instance = New Your_First_Class
'Now you can access Public Variables of your Class
Class_Instance.External_Number = 5
'Lets get the External_Number back out of the Class
Response.Write "External_Number=" & Class_Instance.External_Number & "<br>"
'Lets access one of the Classes Subs (Public Only)
Class_Instance.Add_One
Response.Write "Add_One --> External_Number=" & Class_Instance.External_Number & "<br>"
'Lets access one of the Classes Functions (Public ONLY)
Response.Write "Add_Five --> External_Number=" & Class_Instance.Add_Five & "<br>"
%>
I browsed both going through Computer Management.
Thanks
Exactly my point. If you have asp code, use the .asp extension. IIS has built in security for the server side script code as long as the ASAPI filters are correctly set up. (You can easily hose them with MS's IIS Lockdown tool if you don't know what you're doing with it)
If you name the file something other than .asp, the source code is compromised.
I am a bit confuse here Monte. Josh said that the file extension can be anything but the above example showed that it has to end with ASP extension. I might be missing a piece of the puzzle here.Quote:
Originally posted by JoshT
You can use anything, as the file extension doesn't actually mean much.
Can you explain more.
What he's trying to say is, you can include any file extension in your include. Examples: .inc, .txt, .doc, .asp, .html... .whatever.Quote:
Originally posted by Hawk
I am a bit confuse here Monte. Josh said that the file extension can be anything but the above example showed that it has to end with ASP extension. I might be missing a piece of the puzzle here.
Can you explain more.
However, if you include an ASP file, then it's more secure, because IIS has built in security meant for ASP pages and not for the other extensions.
He was talking with security in mind. If security is not a matter for you, then it doesn't really matter what include you use.
If you tweak your web server, you can get *.html files to be processed by ASP and *.asp files to be processed by PHP. As long as the file extension is something that'll get processed (or blocked) by something else before it is served, your source code shouldn't be sent.
I personally think that its probably better to not put ASP includes in *.asp files as if they get requested, ASP does try to execute them - which might cause unintended things to happen. You could use a file extension you server is configured to block - so if you block *.inc files, when the server gets a request for one it just says no, rather a happily running a ASP file that sends blank content back - especially if there's no point in running that file by itself.
Unless, of course, you don't have control over your server, then just put your includes in *.asp.