Welcome to WebmasterWorld Guest from 54.159.111.156

Forum Moderators: ocean10000

Message Too Old, No Replies

Including a file above the root directory.

Is there a way?

     
6:20 pm on Feb 8, 2006 (gmt 0)

10+ Year Member



My question is simple, though I fear the answer may not be. I have a directory -- called "includes" -- That I want to store (You guessed it!) My include files in. I can do this in the inetpub/wwwroot folder, but then everyone and their brother has the potential to download my include files.. So my question is, can I use the include tag like this:

<!--#include file="d:\inetpub\wwwroot\directory\anotherdir\include.inc"-->

I would think that I could. I used MapPath to get the physical directory, but it won't include files using the absolute path. Only if I do either

<!--#include virtual="include.inc"-->
or
<!--#include file="../directory/.../include.inc"-->

The fact that it won't allow me to use the absolute path is baffling. Is there something else I could try, to access these files from a higher directory than 'inetpub/wwwroot'? A different way of including? A way to configure IIS to allow the use of absolute paths in include statements? I have exhausted my searches on the web .. I am truly stumpted.

Thanks for your input!

-- Zak

8:04 pm on Feb 8, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Name your include files include.asp instead of include.inc. This way, they will not be able to see or download your asp code. They'll be presented with html code only.
11:30 pm on Feb 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



<!--#include file="d:\inetpub\wwwroot\directory\anotherdir\include.inc"-->

This should work, are you sure you have the path and permissions set correctly?

11:34 pm on Feb 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



As the aim is to protect the files, rather than to actually include files outside of the webroot, then suggestion defanjos made is quite valid.
So move the files into your web folder, and make them .asp files so you can hide any executable code or parameters etc.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month