Books & Music
Food & Wine
Health & Fitness
Hobbies & Crafts
Home & Garden
News & Politics
Religion & Spirituality
Travel & Culture
TV & Movies
Including .inc or .asp files securely
When you are including files in ASP, many books teach you to use .INC extensions. However, for security reasons, you should always end your filenames in .ASP.
Let's say you are including a datastore file that contains all of your database connection information. If you name that file datastore.inc and someone manages to browse and find it, they can now see your entire database connectivity information! If you instead name that file .asp, your IIS server will pre-process the file and not show any information to the end user.
There are many other reasons to keep your asp include files with an ASP extension. You can actually include other ASP scripts so that your headers, footers, ads, etc. are all dynamic.
| Related Articles | Editor's Picks Articles | Top Ten Articles | Previous Features | Site Map
Content copyright © 2014 by Lisa Shea. All rights reserved.
This content was written by Lisa Shea. If you wish to use this content in any manner, you need written permission. Contact Lisa Shea for details.
Website copyright © 2014 Minerva WebWorks LLC. All rights reserved.