Including .inc or .asp files securely
When you are including files in ASP, many books teach you to use .INC extensions. However, for security reasons, you should always end your filenames in .ASP.
Let's say you are including a datastore file that contains all of your database connection information. If you name that file datastore.inc and someone manages to browse and find it, they can now see your entire database connectivity information! If you instead name that file .asp, your IIS server will pre-process the file and not show any information to the end user.
There are many other reasons to keep your asp include files with an ASP extension. You can actually include other ASP scripts so that your headers, footers, ads, etc. are all dynamic.
Let's say you are including a datastore file that contains all of your database connection information. If you name that file datastore.inc and someone manages to browse and find it, they can now see your entire database connectivity information! If you instead name that file .asp, your IIS server will pre-process the file and not show any information to the end user.
There are many other reasons to keep your asp include files with an ASP extension. You can actually include other ASP scripts so that your headers, footers, ads, etc. are all dynamic.
Related Articles
Editor's Picks Articles
Top Ten Articles
Previous Features
Site Map
Content copyright © 2023 by Lisa Shea. All rights reserved.
This content was written by Lisa Shea. If you wish to use this content in any manner, you need written permission. Contact Lisa Shea for details.
