FileSystemObject security

Results 1 to 2 of 2

Thread: FileSystemObject security

  1. #1
    Petere Guest

    Default FileSystemObject security

    I&#039m trying to create a work around for a dynamic includes by using the filesystemobject to read a text file into an HTML document. My sysadmin is concerned about possible security problems of exposing full pathnames of files in .ASP scripts. The fso seems not to support virtual pathnames. Any suggestions??

  2. #2
    David E. Guest

    Default RE: FileSystemObject security

    We did this for exactly the same reason and used the server.mapath method to take care of most of the path problem. I think I saw an article at Action Jackson that gave me the idea. We pass the name of the page to be included as a querystring x=page.asp. I don&#039t think there is any major security risks here but others may comment. I hope that helps.<BR><BR>David

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts