You are viewing a plain text version of this content. The canonical link for it is here.
Posted to asp@perl.apache.org by Thanos Chatziathanassiou <tc...@arx.gr> on 2002/05/03 14:19:10 UTC
global.asa horrors ?
I had a nifty idea the other day: "what if I request the global.asa
directly through http ?". Well, it kind of turned out exactly as I had
hoped it wouldn't: apache returned the global.asa in plaintext.
Now, that's all ok, but my global.asa contained the database password
DBI used to access my db.
Since this isn't obvious for the casual user, I propose that the
following be included in httpd.conf:
<Files global.asa>
Order deny,allow
Deny from all
</Files>
just to be on the safe side...
Thanos Chatziathanassiou
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
Re: global.asa horrors ?
Posted by Ellers <el...@iinet.net.au>.
>
> > Since this isn't obvious for the casual user, I propose that the
>> following be included in httpd.conf:
>>
>> <Files global.asa>
>> Order deny,allow
>> Deny from all
>> </Files>
>>
>...
>Another option users have is to locate the global.asa to
>some other directory that is not www browsable:
>
> PerlSetVar Global /cannot/browse/this/path
FWIW we always put the global.asa outside of the html tree. The
purpose of the global.asa file is not to be exposed to the httpd
server, so it doesn't belong there unless its intentionally being
exposed, as with Joshua's examples
Ellers
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
Re: global.asa horrors ?
Posted by Joshua Chamas <jo...@chamas.com>.
Thanos Chatziathanassiou wrote:
>
> I had a nifty idea the other day: "what if I request the global.asa
> directly through http ?". Well, it kind of turned out exactly as I had
> hoped it wouldn't: apache returned the global.asa in plaintext.
> Now, that's all ok, but my global.asa contained the database password
> DBI used to access my db.
>
> Since this isn't obvious for the casual user, I propose that the
> following be included in httpd.conf:
>
> <Files global.asa>
> Order deny,allow
> Deny from all
> </Files>
>
Good point. I don't do this with the examples though because
I actually want people to see the global.asa there. This tip
would be a good candidate for the would be style guide.
Another option users have is to locate the global.asa to
some other directory that is not www browsable:
PerlSetVar Global /cannot/browse/this/path
--Josh
_________________________________________________________________
Joshua Chamas Chamas Enterprises Inc.
NodeWorks Founder Huntington Beach, CA USA
http://www.nodeworks.com 1-714-625-4051
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org
Re: global.asa horrors ?
Posted by Sven Kohler <sk...@upb.de>.
you should perhaps set Apache::ASP to also execute .asa files like .asp
files
----- Original Message -----
From: "Thanos Chatziathanassiou" <tc...@arx.gr>
To: <as...@perl.apache.org>
Sent: Friday, May 03, 2002 2:19 PM
Subject: global.asa horrors ?
> I had a nifty idea the other day: "what if I request the global.asa
> directly through http ?". Well, it kind of turned out exactly as I had
> hoped it wouldn't: apache returned the global.asa in plaintext.
> Now, that's all ok, but my global.asa contained the database password
> DBI used to access my db.
>
> Since this isn't obvious for the casual user, I propose that the
> following be included in httpd.conf:
>
> <Files global.asa>
> Order deny,allow
> Deny from all
> </Files>
>
> just to be on the safe side...
>
> Thanos Chatziathanassiou
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
> For additional commands, e-mail: asp-help@perl.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org