Security Error: The path to the products
Printed From: SalesCart
Category: Legacy Products
Forum Name: SalesCart Standard / PRO / SQL
Forum Description: All questions pertaining to SalesCart Standard, PRO and SQL should be posted here.
URL: http://forum.salescart.com/forum/forum_posts.asp?TID=66
Printed Date: April/26/24 at 12:19am
Software Version: Web Wiz Forums 11.04 - http://www.webwizforums.com
Topic: Security Error: The path to the products
Posted By: davidmurphy
Subject: Security Error: The path to the products
Date Posted: April/23/04 at 5:47am
|
I understand that the problems that Comcity is experiancing has to do with bad .asp scripting. There is nothing in the manual explaining what we are to do regarding this issue.
Here is a copy of an email we get daily. ********* This is an automated response sent from SalesCart Security Error: The path to the products database is invalid. Open checkpost.asp and change fpDBPath (for FrontPage) or dwDBPath (for Dreamweaver) to a valid database path. Order Number: 2309 Item Number: DM-Ford Gauge Kit Posted Price: 0 Actual Price: 0 Posting URL: ../mall/default.asp Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Server: www.dieselmanor.com ************ So my question is, what do I change the path to? |
Replies:
Posted By: davidmurphy
Date Posted: April/23/04 at 5:49am
|
Here are the first few lines of our checkpost.asp page. We are using Frontpage.
<% 'Set variable to 0 to email error message to merchant, 1 to display error message on error page, or 3 to disable security emailErr = 0 'FrontPage products database path fpDBPath = Application("Products1_ConnectionString") 'Dreamweaver products database path dwDBPath = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/") & "/fpdb/products.mdb;" 'Flag that determines if product component uses single or double qoutes quotage = 0 'Number of part numbers found partNumFound = 0 'Flag if price has been lowered priceTest = 0 |
Posted By: Techno Geek
Date Posted: April/23/04 at 7:20pm
|
Try this:
'FrontPage products database path Comment out the line ->' fpDBPath = Application("Products1_ConnectionString") 'Dreamweaver products database path Comment out the line ->' dwDBPath = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/") & "/fpdb/products.mdb;" ------------- Techno Geek Customer Support Engineer ComCity and SalesCart Technical Support |
Posted By: davidmurphy
Date Posted: May/03/04 at 6:08am
|
Hi Will,
What do you mean by Comment out the line ->' Are you saying I should delete it? Thanks |
Posted By: GreatWeb1
Date Posted: May/03/04 at 6:41am
|
In ASP, if you add the apostrophe in front of the code it comments it out and renders that portion inactive. Developers use comment lines to remind them what this portion of the code does.
Example: Not Commented fpDBPath = Application Commented 'fpDBPath = Application |
Posted By: debsy
Date Posted: September/05/05 at 9:26am
|
hi,
I have this problem too, and you are saying put an apostrphe in front of the lines above and it should fix it, but mine already has this and its still doing it any clues ------------- help deb |
Posted By: davidmurphy
Date Posted: September/05/05 at 2:23pm
|
debsy,
I did exactly as was described, just put an ' in front of the fpDBPath = Application("Products1_ConnectionString") and I no longer get teh messages. |
Posted By: debsy
Date Posted: September/06/05 at 2:20am
 thanks
i will try again debsey ------------- help deb |
Posted By: JasonJolliff
Date Posted: November/21/05 at 9:55pm
|
Well...that takes care of the emails but what about the actual SECURITY of the website or just its functionality in general? I was doing some testing and noticed that I hit the "add to cart" button and since I have the "postpone checkout for this item" feature selected the page refreshed, however it did not add the item to my shopping cart. I hit the "add to cart" button again and this time it added it. In a matter of seconds, I received the email stating that "Security Error: The path to the products database is invalid..."
I am assuming that the "non adding to the webcart" is a biproduct of the code in checkpost.asp I am more interested in solving the problem than simply not receiving the emails. Should I be concerned about this??? Thanks...anybody |
Posted By: JasonJolliff
Date Posted: November/21/05 at 9:59pm
| Would it be better to just hard code the database path? And if so, should this be a relative path or the whole address starting with "http://"? |
Posted By: mikeb
Date Posted: December/21/05 at 9:17am
| No, it wouldn't be...because everybody's database path is different. The software would work for no one instead of 1 guy who is doing something off the most traveled path (no pun intended). |
Posted By: JasonJolliff
Date Posted: January/02/06 at 5:45pm
| So...there is no security issue by doing this? |
Posted By: mikeb
Date Posted: January/03/06 at 2:59pm
|
Security is a point of view and 1000 shades of grey. What is secure to one is not to another. The purpose of this routine is to check prices against the database. I believe the solution proposed is simply to make an older out dated version of checkpost.asp work or to make it work in cases where somebody has broken something.
Not adding products is not a bi-product of checkpost unless you have specifically set it not to not allow price posts that don't match to be added.... |