Security Error: The path to the products

Post Reply

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
mikeb Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: March/17/04 Location: United States Status: Offline Points: 194	Post Options Post Reply Quote mikeb Report Post Thanks(0) Quote Reply Topic: Security Error: The path to the products Posted: January/03/06 at 2:59pm
	Security is a point of view and 1000 shades of grey. What is secure to one is not to another. The purpose of this routine is to check prices against the database. I believe the solution proposed is simply to make an older out dated version of checkpost.asp work or to make it work in cases where somebody has broken something. Not adding products is not a bi-product of checkpost unless you have specifically set it not to not allow price posts that don't match to be added....

JasonJolliff Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: November/05/05 Location: United States Status: Offline Points: 49	Post Options Post Reply Quote JasonJolliff Report Post Thanks(0) Quote Reply Posted: January/02/06 at 5:45pm
	So...there is no security issue by doing this?

mikeb Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: March/17/04 Location: United States Status: Offline Points: 194	Post Options Post Reply Quote mikeb Report Post Thanks(0) Quote Reply Posted: December/21/05 at 9:17am
	No, it wouldn't be...because everybody's database path is different. The software would work for no one instead of 1 guy who is doing something off the most traveled path (no pun intended).

JasonJolliff Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: November/05/05 Location: United States Status: Offline Points: 49	Post Options Post Reply Quote JasonJolliff Report Post Thanks(0) Quote Reply Posted: November/21/05 at 9:59pm
	Would it be better to just hard code the database path? And if so, should this be a relative path or the whole address starting with "http://"?

JasonJolliff Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: November/05/05 Location: United States Status: Offline Points: 49	Post Options Post Reply Quote JasonJolliff Report Post Thanks(0) Quote Reply Posted: November/21/05 at 9:55pm
	Well...that takes care of the emails but what about the actual SECURITY of the website or just its functionality in general? I was doing some testing and noticed that I hit the "add to cart" button and since I have the "postpone checkout for this item" feature selected the page refreshed, however it did not add the item to my shopping cart. I hit the "add to cart" button again and this time it added it. In a matter of seconds, I received the email stating that "Security Error: The path to the products database is invalid..." I am assuming that the "non adding to the webcart" is a biproduct of the code in checkpost.asp I am more interested in solving the problem than simply not receiving the emails. Should I be concerned about this??? Thanks...anybody

debsy Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: February/22/05 Location: United Kingdom Status: Offline Points: 12	Post Options Post Reply Quote debsy Report Post Thanks(0) Quote Reply Posted: September/06/05 at 2:20am
	thanks i will try again debsey

davidmurphy Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: April/23/04 Location: United States Status: Offline Points: 18	Post Options Post Reply Quote davidmurphy Report Post Thanks(0) Quote Reply Posted: September/05/05 at 2:23pm
	debsy, I did exactly as was described, just put an ' in front of the fpDBPath = Application("Products1_ConnectionString") and I no longer get teh messages.

debsy Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: February/22/05 Location: United Kingdom Status: Offline Points: 12	Post Options Post Reply Quote debsy Report Post Thanks(0) Quote Reply Posted: September/05/05 at 9:26am
	hi, I have this problem too, and you are saying put an apostrphe in front of the lines above and it should fix it, but mine already has this and its still doing it any clues

GreatWeb1 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: March/31/04 Location: United States Status: Offline Points: 26	Post Options Post Reply Quote GreatWeb1 Report Post Thanks(0) Quote Reply Posted: May/03/04 at 6:41am
	In ASP, if you add the apostrophe in front of the code it comments it out and renders that portion inactive. Developers use comment lines to remind them what this portion of the code does. Example: Not Commented fpDBPath = Application Commented 'fpDBPath = Application

davidmurphy Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: April/23/04 Location: United States Status: Offline Points: 18	Post Options Post Reply Quote davidmurphy Report Post Thanks(0) Quote Reply Posted: May/03/04 at 6:08am
	Hi Will, What do you mean by Comment out the line ->' Are you saying I should delete it? Thanks

Techno Geek Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Evil monkey living in my closet! Joined: March/11/04 Location: United States Status: Offline Points: 1206	Post Options Post Reply Quote Techno Geek Report Post Thanks(0) Quote Reply Posted: April/23/04 at 7:20pm
	Try this: 'FrontPage products database path Comment out the line ->' fpDBPath = Application("Products1_ConnectionString") 'Dreamweaver products database path Comment out the line ->' dwDBPath = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/") & "/fpdb/products.mdb;"
	Techno Geek Customer Support Engineer ComCity and SalesCart Technical Support

davidmurphy Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: April/23/04 Location: United States Status: Offline Points: 18	Post Options Post Reply Quote davidmurphy Report Post Thanks(0) Quote Reply Posted: April/23/04 at 5:49am
	Here are the first few lines of our checkpost.asp page. We are using Frontpage. <% 'Set variable to 0 to email error message to merchant, 1 to display error message on error page, or 3 to disable security emailErr = 0 'FrontPage products database path fpDBPath = Application("Products1_ConnectionString") 'Dreamweaver products database path dwDBPath = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/") & "/fpdb/products.mdb;" 'Flag that determines if product component uses single or double qoutes quotage = 0 'Number of part numbers found partNumFound = 0 'Flag if price has been lowered priceTest = 0 Edited by davidmurphy

davidmurphy Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: April/23/04 Location: United States Status: Offline Points: 18	Post Options Post Reply Quote davidmurphy Report Post Thanks(0) Quote Reply Posted: April/23/04 at 5:47am
	I understand that the problems that Comcity is experiancing has to do with bad .asp scripting. There is nothing in the manual explaining what we are to do regarding this issue. Here is a copy of an email we get daily. ******* This is an automated response sent from SalesCart Security Error: The path to the products database is invalid. Open checkpost.asp and change fpDBPath (for FrontPage) or dwDBPath (for Dreamweaver) to a valid database path. Order Number: 2309 Item Number: DM-Ford Gauge Kit Posted Price: 0 Actual Price: 0 Posting URL: ../mall/default.asp Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Server: www.dieselmanor.com ********** So my question is, what do I change the path to? Edited by davidmurphy

Post Reply
Tweet

Forum Jump

Forum Permissions View Drop Down

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum