Enable parent paths

You are here: Glossaries > Administration Console Glossary > Enable parent paths

Enable parent paths

By default, Enable parent paths is set to no. When Enable parent paths is set to no, a FileSystemObject object instantiated by an ASP application is limited to that application’s defined directory. This is the most secure setting and is appropriate for most shared Web hosting environments.

When Enable parent paths is set to yes, the FileSystemObject object can access files outside the ASP application directory. In this scenario, ASP developers can use the "../" syntax in #include statements to access any file outside of the Web directory that the ASP Server has file system permission to read.

Caution

Changing Enable parent paths to yes can affect the security of your server. Before you change this setting, make sure that the ASP Server has permission to access only the files you want to be publicly accessible, and that it does not have access to sensitive files containing configuration or password information. You can restrict the permissions of the ASP Server by defining the user it runs under, and making sure that that user has appropriately restricted file system permissions.

Note	The Enable parent paths setting does not add any restrictions to executing Java code. For example, if you want to restrict Java code to access files within the application directory, the proper permissions should be in the bean.policy file.