

Configuring File System Access

You might want to enable access by an ASP application to a directory in the file system that is not contained in the ASP application root directory or its subdirectories. This type of access is configured from the Sun ONE Active Server Pages Administration Console using the Enable parent paths setting.

By default, Enable parent paths is set to no. When Enable parent paths is set to no, a FileSystemObject object instantiated by an ASP application is limited to that application’s defined directory. In this case, #include statements cannot use the "../" syntax to access files outside the ASP application root directory. This is the most secure setting, and is appropriate for most shared Web hosting environments. (Unlike Sun ONE ASP, with Microsoft ASP, when Enable parent paths is set to no, a text file can still be created outside of the application directory.)

When Enable parent paths is set to yes, the FileSystemObject object can access files outside the ASP application directory. In this scenario, ASP developers can use the "../" syntax in #include statements to access any file outside of the Web directory that the ASP Server has file system permission to read.

Caution: Changing Enable parent paths to yes can affect the security of your server. Before you change this setting, make sure that your ASP Server has permission to access only the files you want to be publicly accessible, and that it does not have access to sensitive files containing configuration or password information. You can restrict the permissions of the ASP Server by defining the user it runs under, and by making sure that that user has appropriately restricted file system permissions. For more information, see Setting the Security Mode.

Note: The Enable parent paths setting does not add any restrictions to executing Java code. For example, if you want to restrict Java code to accessing files within the application directory, set the proper permissions in the bean.policy file.
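Before changing the setting, it helps to know which pages already contain #include directives that resolve outside the application root, because those are the includes whose behavior depends on Enable parent paths. The following script is an added example, not part of the Sun ONE ASP documentation; the function names, the .asp/.inc extension filter, and the sample application tree are assumptions constructed for illustration, and only the file= form of #include is handled.

```python
import os
import re
import tempfile

# Matches <!-- #include file="..." -->. Only file= is handled, because it
# resolves relative to the directory of the including file.
INCLUDE_RE = re.compile(
    r'<!--\s*#include\s+file\s*=\s*["\']([^"\']+)["\']\s*-->', re.IGNORECASE)

def escaping_includes(app_root):
    """Return sorted (source file, include target, resolved path) tuples for
    #include file= directives that resolve outside app_root."""
    root = os.path.realpath(app_root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Assumption: pages and include fragments use these extensions.
            if not name.lower().endswith((".asp", ".inc")):
                continue
            src = os.path.join(dirpath, name)
            with open(src, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for target in INCLUDE_RE.findall(text):
                # Include paths may be written with backslashes; normalise.
                rel = target.replace("\\", "/")
                resolved = os.path.realpath(os.path.join(dirpath, rel))
                if os.path.commonpath([root, resolved]) != root:
                    findings.append((os.path.relpath(src, root), target, resolved))
    return sorted(findings)

def demo():
    """Build a constructed application tree and return (source, target) pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "site", "app")
        os.makedirs(os.path.join(app, "admin"))
        samples = {  # constructed sample pages
            "default.asp": '<!-- #include file="inc/header.inc" -->',
            "admin/index.asp": '<!-- #include file="../inc/header.inc" -->',
            "admin/report.asp": '<!--#INCLUDE FILE="..\\..\\shared\\db.inc"-->',
        }
        for rel, body in samples.items():
            with open(os.path.join(app, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return [(src, target) for src, target, _ in escaping_includes(app)]

if __name__ == "__main__":
    for src, target in demo():
        print(f"{src}: {target} leaves the application root")
```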

To configure file system access

  1. Open the Administration Console (see Accessing the Administration Console).

  2. On the ASP Server tab of the Server Management page, click Settings.

  3. The Server Settings page displays.

  4. In the Enable parent paths drop-down list, select yes or no.

See also:

Defining ASP Applications (ASP Server)

Using Server-side Includes