Guest Author - Lisa Shea
When you are including files in ASP, many books teach you to use .INC extensions. However, for security reasons, you should always end your filenames in .ASP.
Let's say you are including a datastore file that contains all of your database connection information. If you name that file datastore.inc and someone manages to browse and find it, they can now see your entire database connectivity information! If you instead name that file .asp, your IIS server will pre-process the file and not show any information to the end user.
There are many other reasons to keep your asp include files with an ASP extension. You can actually include other ASP scripts so that your headers, footers, ads, etc. are all dynamic.