Security Error: The path to the products
Printed From: SalesCart
Category: Legacy Products
Forum Name: SalesCart Standard / PRO / SQL
Forum Description: All questions pertaining to SalesCart Standard, PRO and SQL should be posted here.
URL: http://forum.salescart.com/forum/forum_posts.asp?TID=66
Printed Date: November/23/24 at 9:59pm Software Version: Web Wiz Forums 11.04 - http://www.webwizforums.com
Topic: Security Error: The path to the products
Posted By: davidmurphy
Subject: Security Error: The path to the products
Date Posted: April/23/04 at 5:47am
I understand that the problems that Comcity is experiancing has to do with bad .asp scripting. There is nothing in the manual explaining what we are to do regarding this issue.
Here is a copy of an email we get daily.
*********
This is an automated response sent from SalesCart
Security Error: The path to the products database is invalid. Open checkpost.asp and change fpDBPath (for FrontPage) or dwDBPath (for
Dreamweaver) to a valid database path.
Order Number: 2309
Item Number: DM-Ford Gauge Kit
Posted Price: 0
Actual Price: 0
Posting URL: ../mall/default.asp
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Server: www.dieselmanor.com
************
So my question is, what do I change the path to?
|
Replies:
Posted By: davidmurphy
Date Posted: April/23/04 at 5:49am
Here are the first few lines of our checkpost.asp page. We are using Frontpage.
<%
'Set variable to 0 to email error message to merchant, 1 to display error message on error page, or 3 to disable security
emailErr = 0
'FrontPage products database path
fpDBPath = Application("Products1_ConnectionString")
'Dreamweaver products database path
dwDBPath = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/") & "/fpdb/products.mdb;"
'Flag that determines if product component uses single or double qoutes
quotage = 0
'Number of part numbers found
partNumFound = 0
'Flag if price has been lowered
priceTest = 0
|
Posted By: Techno Geek
Date Posted: April/23/04 at 7:20pm
Try this:
'FrontPage products database path
Comment out the line ->' fpDBPath = Application("Products1_ConnectionString")
'Dreamweaver products database path
Comment out the line ->' dwDBPath = "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("/") & "/fpdb/products.mdb;"
------------- Techno Geek
Customer Support Engineer
ComCity and SalesCart Technical Support
|
Posted By: davidmurphy
Date Posted: May/03/04 at 6:08am
Hi Will,
What do you mean by Comment out the line ->'
Are you saying I should delete it?
Thanks
|
Posted By: GreatWeb1
Date Posted: May/03/04 at 6:41am
In ASP, if you add the apostrophe in front of the code it comments it out and renders that portion inactive. Developers use comment lines to remind them what this portion of the code does.
Example:
Not Commented
fpDBPath = Application
Commented
'fpDBPath = Application
|
Posted By: debsy
Date Posted: September/05/05 at 9:26am
hi,
I have this problem too, and you are saying put an apostrphe in front of the lines above and it should fix it, but mine already has this and its still doing it any clues
------------- help deb
|
Posted By: davidmurphy
Date Posted: September/05/05 at 2:23pm
debsy,
I did exactly as was described, just put an ' in front of the fpDBPath = Application("Products1_ConnectionString")
and I no longer get teh messages.
|
Posted By: debsy
Date Posted: September/06/05 at 2:20am
thanks
i will try again
debsey
------------- help deb
|
Posted By: JasonJolliff
Date Posted: November/21/05 at 9:55pm
Well...that takes care of the emails but what about the actual SECURITY of the website or just its functionality in general? I was doing some testing and noticed that I hit the "add to cart" button and since I have the "postpone checkout for this item" feature selected the page refreshed, however it did not add the item to my shopping cart. I hit the "add to cart" button again and this time it added it. In a matter of seconds, I received the email stating that "Security Error: The path to the products database is invalid..."
I am assuming that the "non adding to the webcart" is a biproduct of the code in checkpost.asp
I am more interested in solving the problem than simply not receiving the emails. Should I be concerned about this???
Thanks...anybody
|
Posted By: JasonJolliff
Date Posted: November/21/05 at 9:59pm
Would it be better to just hard code the database path? And if so, should this be a relative path or the whole address starting with "http://"?
|
Posted By: mikeb
Date Posted: December/21/05 at 9:17am
No, it wouldn't be...because everybody's database path is different. The software would work for no one instead of 1 guy who is doing something off the most traveled path (no pun intended).
|
Posted By: JasonJolliff
Date Posted: January/02/06 at 5:45pm
So...there is no security issue by doing this?
|
Posted By: mikeb
Date Posted: January/03/06 at 2:59pm
Security is a point of view and 1000 shades of grey. What is secure to one is not to another. The purpose of this routine is to check prices against the database. I believe the solution proposed is simply to make an older out dated version of checkpost.asp work or to make it work in cases where somebody has broken something.
Not adding products is not a bi-product of checkpost unless you have specifically set it not to not allow price posts that don't match to be added....
|
|