Product Home Page | Developer Site | Version | |
By default, Enable parent paths is set to no. When Enable parent paths is set to no, a FileSystemObject object instantiated by an ASP application is limited to that application’s defined directory. This is the most secure setting and is appropriate for most shared Web hosting environments.
When Enable parent paths is set to yes, the FileSystemObject object can access files outside the ASP application directory. In this scenario, ASP developers can use the "../" syntax in #include
statements to access any file outside of the Web directory that the ASP Server has file system permission to read.
Caution | Changing Enable parent paths to yes can affect the security of your server. Before you change this setting, make sure that the ASP Server has permission to access only the files you want to be publicly accessible, and that it does not have access to sensitive files containing configuration or password information. You can restrict the permissions of the ASP Server by defining the user it runs under, and making sure that that user has appropriately restricted file system permissions. |
Note | The Enable parent paths setting does not add any restrictions to executing Java code. For example, if you want to restrict Java code to access files within the application directory, the proper permissions should be in the bean.policy file. |
See also:
Configuring File System Access
Copyright © 2003 Sun Microsystems, Inc. All rights reserved.