Forum Home Forum Home > Legacy Products > SalesCart Standard / PRO / SQL
  New Posts New Posts RSS Feed - Security Error: The path to the products
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Forum LockedSecurity Error: The path to the products

 Post Reply Post Reply
Author
Message
davidmurphy View Drop Down
Newbie
Newbie


Joined: April/23/04
Location: United States
Status: Offline
Points: 18
Post Options Post Options   Thanks (0) Thanks(0)   Quote davidmurphy Quote  Post ReplyReply Direct Link To This Post Topic: Security Error: The path to the products
    Posted: April/23/04 at 5:47am
I understand that the problems that Comcity is experiancing has to do with bad .asp scripting. There is nothing in the manual explaining what we are to do regarding this issue.

Here is a copy of an email we get daily.
*********
This is an automated response sent from SalesCart

Security Error: The path to the products database is invalid. Open checkpost.asp and change fpDBPath (for FrontPage) or dwDBPath (for
Dreamweaver) to a valid database path.

Order Number: 2309
Item Number: DM-Ford Gauge Kit
Posted Price: 0
Actual Price: 0

Posting URL: ../mall/default.asp
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Server: www.dieselmanor.com
************

So my question is, what do I change the path to?

Edited by davidmurphy
Back to Top
davidmurphy View Drop Down
Newbie
Newbie


Joined: April/23/04
Location: United States
Status: Offline
Points: 18
Post Options Post Options   Thanks (0) Thanks(0)   Quote davidmurphy Quote  Post ReplyReply Direct Link To This Post Posted: April/23/04 at 5:49am
Here are the first few lines of our checkpost.asp page. We are using Frontpage.

<%
'Set variable to 0 to email error message to merchant, 1 to display error message on error page, or 3 to disable security
emailErr = 0

'FrontPage products database path
fpDBPath = Application("Products1_ConnectionString")

'Dreamweaver products database path
dwDBPath = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/") & "/fpdb/products.mdb;"

'Flag that determines if product component uses single or double qoutes
quotage = 0

'Number of part numbers found
partNumFound = 0

'Flag if price has been lowered
priceTest = 0


Edited by davidmurphy
Back to Top
Techno Geek View Drop Down
Admin Group
Admin Group
Avatar
Evil monkey living in my closet!

Joined: March/11/04
Location: United States
Status: Offline
Points: 1206
Post Options Post Options   Thanks (0) Thanks(0)   Quote Techno Geek Quote  Post ReplyReply Direct Link To This Post Posted: April/23/04 at 7:20pm
Try this:

'FrontPage products database path

Comment out the line ->'
fpDBPath = Application("Products1_ConnectionString")

'Dreamweaver products database path

Comment out the line ->'
dwDBPath = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/") & "/fpdb/products.mdb;"
Techno Geek
Customer Support Engineer
ComCity and SalesCart Technical Support
Back to Top
davidmurphy View Drop Down
Newbie
Newbie


Joined: April/23/04
Location: United States
Status: Offline
Points: 18
Post Options Post Options   Thanks (0) Thanks(0)   Quote davidmurphy Quote  Post ReplyReply Direct Link To This Post Posted: May/03/04 at 6:08am
Hi Will,
What do you mean by Comment out the line ->'
Are you saying I should delete it?
Thanks
Back to Top
GreatWeb1 View Drop Down
Newbie
Newbie


Joined: March/31/04
Location: United States
Status: Offline
Points: 26
Post Options Post Options   Thanks (0) Thanks(0)   Quote GreatWeb1 Quote  Post ReplyReply Direct Link To This Post Posted: May/03/04 at 6:41am
In ASP, if you add the apostrophe in front of the code it comments it out and renders that portion inactive. Developers use comment lines to remind them what this portion of the code does.

Example:

Not Commented
fpDBPath = Application

Commented
'fpDBPath = Application
Back to Top
debsy View Drop Down
Newbie
Newbie


Joined: February/22/05
Location: United Kingdom
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote debsy Quote  Post ReplyReply Direct Link To This Post Posted: September/05/05 at 9:26am
hi,

I have this problem too, and you are saying put an apostrphe in front of the lines above and it should fix it, but mine already has this and its still doing it any clues

Back to Top
davidmurphy View Drop Down
Newbie
Newbie


Joined: April/23/04
Location: United States
Status: Offline
Points: 18
Post Options Post Options   Thanks (0) Thanks(0)   Quote davidmurphy Quote  Post ReplyReply Direct Link To This Post Posted: September/05/05 at 2:23pm
debsy,
I did exactly as was described, just put an ' in front of the fpDBPath = Application("Products1_ConnectionString")
and I no longer get teh messages.
Back to Top
debsy View Drop Down
Newbie
Newbie


Joined: February/22/05
Location: United Kingdom
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote debsy Quote  Post ReplyReply Direct Link To This Post Posted: September/06/05 at 2:20am
thanks
i will try again
debsey
Back to Top
JasonJolliff View Drop Down
Groupie
Groupie


Joined: November/05/05
Location: United States
Status: Offline
Points: 49
Post Options Post Options   Thanks (0) Thanks(0)   Quote JasonJolliff Quote  Post ReplyReply Direct Link To This Post Posted: November/21/05 at 9:55pm
Well...that takes care of the emails but what about the actual SECURITY of the website or just its functionality in general? I was doing some testing and noticed that I hit the "add to cart" button and since I have the "postpone checkout for this item" feature selected the page refreshed, however it did not add the item to my shopping cart. I hit the "add to cart" button again and this time it added it. In a matter of seconds, I received the email stating that "Security Error: The path to the products database is invalid..."
I am assuming that the "non adding to the webcart" is a biproduct of the code in checkpost.asp

I am more interested in solving the problem than simply not receiving the emails. Should I be concerned about this???

Thanks...anybody
Back to Top
JasonJolliff View Drop Down
Groupie
Groupie


Joined: November/05/05
Location: United States
Status: Offline
Points: 49
Post Options Post Options   Thanks (0) Thanks(0)   Quote JasonJolliff Quote  Post ReplyReply Direct Link To This Post Posted: November/21/05 at 9:59pm
Would it be better to just hard code the database path? And if so, should this be a relative path or the whole address starting with "http://"?
Back to Top
mikeb View Drop Down
Admin Group
Admin Group
Avatar

Joined: March/17/04
Location: United States
Status: Offline
Points: 194
Post Options Post Options   Thanks (0) Thanks(0)   Quote mikeb Quote  Post ReplyReply Direct Link To This Post Posted: December/21/05 at 9:17am
No, it wouldn't be...because everybody's database path is different. The software would work for no one instead of 1 guy who is doing something off the most traveled path (no pun intended).
Back to Top
JasonJolliff View Drop Down
Groupie
Groupie


Joined: November/05/05
Location: United States
Status: Offline
Points: 49
Post Options Post Options   Thanks (0) Thanks(0)   Quote JasonJolliff Quote  Post ReplyReply Direct Link To This Post Posted: January/02/06 at 5:45pm
So...there is no security issue by doing this?
Back to Top
mikeb View Drop Down
Admin Group
Admin Group
Avatar

Joined: March/17/04
Location: United States
Status: Offline
Points: 194
Post Options Post Options   Thanks (0) Thanks(0)   Quote mikeb Quote  Post ReplyReply Direct Link To This Post Posted: January/03/06 at 2:59pm
Security is a point of view and 1000 shades of grey. What is secure to one is not to another. The purpose of this routine is to check prices against the database. I believe the solution proposed is simply to make an older out dated version of checkpost.asp work or to make it work in cases where somebody has broken something.

Not adding products is not a bi-product of checkpost unless you have specifically set it not to not allow price posts that don't match to be added....
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.04
Copyright ©2001-2015 Web Wiz Ltd.

Copyright 2015 by ComCity® LLC and SalesCart™.  All Rights Reserved