FIle location creating 500 error

[David Wolfe]

While using FrontPage 2003 against a Windows 2003
Server,I created a form/database connection. This runs
fine in the root folder of the server but when I create
the same file in a sub-directory, I get a 500 server
error.

I've checked NTFS permissions and both folders give
EVERYONE and server/users RWX permission.

Any Ideas?

-dw

[Dan Boylett]

"David Wolfe" <woofish@hotmail.com> wrote in message
news:0c8801c3d5fe$f08a49b0$a501280a@phx.gbl...

> While using FrontPage 2003 against a Windows 2003
> Server,I created a form/database connection. This runs
> fine in the root folder of the server but when I create
> the same file in a sub-directory, I get a 500 server
> error.
>
> I've checked NTFS permissions and both folders give
> EVERYONE and server/users RWX permission.

What is the 500 error? Have you got show Friendly error messages turned off?

[Aaron Bertrand - MVP]

> I've checked NTFS permissions and both folders give

> EVERYONE and server/users RWX permission.

Why does everyone (no pun intended) think that they need to open up their
security for everyone?

Try setting permissions explicitly for the user that needs it, IUSR_<machine
name>

--
Aaron Bertrand
SQL Server MVP
[url]http://www.aspfaq.com/[/url]

[Dan Boylett]

"Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> wrote in message
news:u6CIlyg1DHA.1740@TK2MSFTNGP12.phx.gbl...

> > I've checked NTFS permissions and both folders give
> > EVERYONE and server/users RWX permission.

>
> Why does everyone (no pun intended) think that they need to open up their
> security for everyone?
>
> Try setting permissions explicitly for the user that needs it,

IUSR_<machine

> name>

Because it sounds logically easy (always a bad thing...) and 'security
doesn't really matter, I'm only testing' ?

This is a reply to both Aaron and Dan...

Thanks for the info.

To answer Aaron, to test if changing file permissions has
any effect.

Now back to our regularly scheduled problem.

Turns out you cannot use an absolute path to an include,
at least using FrontPage 2003's form handler.
-------

Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/cis125/wolfe/test1.asp, line 70
The Include file '../../_fpclass/fpdbform.inc' cannot
contain '..' to indicate the parent directory.
----

My workaround is to place a copy of fpdbform.inc in the
same directory as the form page. Seems odd.

-dw

>-----Original Message-----

>> I've checked NTFS permissions and both folders give
>> EVERYONE and server/users RWX permission.

>
>Why does everyone (no pun intended) think that they need

to open up their

>security for everyone?
>
>Try setting permissions explicitly for the user that

needs it, IUSR_<machine

>name>
>
>--
>Aaron Bertrand
>SQL Server MVP
>[url]http://www.aspfaq.com/[/url]
>
>
>.
>

[Ray at]

This is a IIS6 thing. You can change it though. Enter the "Disallowed
Parent Path" in Google, and you'll see that this is a very common issue that
people come across when going to 2003.

Ray at work

<woofish@hotmail.com> wrote in message
news:021101c3d616$12a03660$a301280a@phx.gbl...

> This is a reply to both Aaron and Dan...
>
> Thanks for the info.
>
> To answer Aaron, to test if changing file permissions has
> any effect.
>
> Now back to our regularly scheduled problem.
>
> Turns out you cannot use an absolute path to an include,
> at least using FrontPage 2003's form handler.
> -------
>
> Active Server Pages error 'ASP 0131'
> Disallowed Parent Path
> /cis125/wolfe/test1.asp, line 70
> The Include file '../../_fpclass/fpdbform.inc' cannot
> contain '..' to indicate the parent directory.
> ----
>
> My workaround is to place a copy of fpdbform.inc in the
> same directory as the form page. Seems odd.
>
> -dw
>

> >-----Original Message-----

> >> I've checked NTFS permissions and both folders give
> >> EVERYONE and server/users RWX permission.

> >
> >Why does everyone (no pun intended) think that they need

> to open up their

> >security for everyone?
> >
> >Try setting permissions explicitly for the user that

> needs it, IUSR_<machine

> >name>
> >
> >--
> >Aaron Bertrand
> >SQL Server MVP
> >[url]http://www.aspfaq.com/[/url]
> >
> >
> >.
> >

[David Wolfe]

Thanks to all

-dw

>-----Original Message-----
>This is a IIS6 thing. You can change it though. Enter

the "Disallowed

>Parent Path" in Google, and you'll see that this is a

very common issue that

>people come across when going to 2003.
>
>Ray at work
>
><> wrote in message
>news:021101c3d616$12a03660$a301280a@phx.gbl...

>> This is a reply to both Aaron and Dan...
>>
>> Thanks for the info.
>>
>> To answer Aaron, to test if changing file permissions

has

>> any effect.
>>
>> Now back to our regularly scheduled problem.
>>
>> Turns out you cannot use an absolute path to an

include,

>> at least using FrontPage 2003's form handler.
>> -------
>>
>> Active Server Pages error 'ASP 0131'
>> Disallowed Parent Path
>> /cis125/wolfe/test1.asp, line 70
>> The Include file '../../_fpclass/fpdbform.inc' cannot
>> contain '..' to indicate the parent directory.
>> ----
>>
>> My workaround is to place a copy of fpdbform.inc in the
>> same directory as the form page. Seems odd.
>>
>> -dw
>>

>> >-----Original Message-----
>> >> I've checked NTFS permissions and both folders give
>> >> EVERYONE and server/users RWX permission.
>> >
>> >Why does everyone (no pun intended) think that they

need

>> to open up their

>> >security for everyone?
>> >
>> >Try setting permissions explicitly for the user that

>> needs it, IUSR_<machine

>> >name>
>> >
>> >--
>> >Aaron Bertrand
>> >SQL Server MVP
>> >[url]http://www.aspfaq.com/[/url]
>> >
>> >
>> >.
>> >

>
>
>.
>

[Jeff Cochran]

On Thu, 8 Jan 2004 10:34:38 -0800, <woofish@hotmail.com> wrote:

>This is a reply to both Aaron and Dan...
>
>Thanks for the info.
>
>To answer Aaron, to test if changing file permissions has
>any effect.

Except it has no effect on the permissions needed. To echo Aaron:

Why does *everyone* think that *everyone* really means *everyone*?
The group "Everyone" is a group. That's all. If an account isn't in
that group, no amount of permissions using the group everyone will
make a difference. By default, the group "Everyone" doesn't include
the IUSR/IWAM accounts.

Which means, when you change permissions to allow full access for
"everyone" you actually allow access for all accounts except the one
you're really using. Thus, you "prove" that it's not a security issue
when it may or may not be, and in the process, defeat the security of
your system.

Jeff

>Now back to our regularly scheduled problem.
>
>Turns out you cannot use an absolute path to an include,
>at least using FrontPage 2003's form handler.
>-------
>
>Active Server Pages error 'ASP 0131'
>Disallowed Parent Path
>/cis125/wolfe/test1.asp, line 70
>The Include file '../../_fpclass/fpdbform.inc' cannot
>contain '..' to indicate the parent directory.
>----
>
>My workaround is to place a copy of fpdbform.inc in the
>same directory as the form page. Seems odd.
>
>-dw
>

>>-----Original Message-----

>>> I've checked NTFS permissions and both folders give
>>> EVERYONE and server/users RWX permission.

>>
>>Why does everyone (no pun intended) think that they need

>to open up their

>>security for everyone?
>>
>>Try setting permissions explicitly for the user that

>needs it, IUSR_<machine

>>name>
>>
>>--
>>Aaron Bertrand
>>SQL Server MVP
>>[url]http://www.aspfaq.com/[/url]
>>
>>
>>.
>>