Professional Web Applications Themes

Storing ASP code in a Access mdb memofield and insert it in a asp-page - ASP Database

"Chris Hohmann" <hohmannATyahooDOTcom> schreef in bericht news:eStRtmfPDHA.2480tk2msftngp13.phx.gbl... > "Ron" <rr> wrote in message > news:3efdba05$0$155$e4fe514cdreader8.news.xs4all. nl... > > Thx, > > I will try that. > > > > I'm not using includes, because I want the users of a small content > > management system to be able to freely change the content of clocks on > a > > page. They can put html in there or asp-code, so they can display the > > results of queries etc. > <<End of message omitted for brevity> > > I would take Bob's advise to heart. Besides the performance ...

  1. #1

    Default Re: Storing ASP code in a Access mdb memofield and insert it in a asp-page


    "Chris Hohmann" <hohmannATyahooDOTcom> schreef in bericht
    news:eStRtmfPDHA.2480tk2msftngp13.phx.gbl...
    > "Ron" <rr> wrote in message
    > news:3efdba05$0$155$e4fe514cdreader8.news.xs4all. nl...
    > > Thx,
    > > I will try that.
    > >
    > > I'm not using includes, because I want the users of a small content
    > > management system to be able to freely change the content of clocks on
    > a
    > > page. They can put html in there or asp-code, so they can display the
    > > results of queries etc.
    > <<End of message omitted for brevity>
    >
    > I would take Bob's advise to heart. Besides the performance
    > consideration you are also going to have to contend with parsing the
    > content to know which pieces to Response.Write and which pieces to
    > Execute/ExecuteGlobal. More importantly, what you've described presents
    > considerable security issues. Someone could maliciously or unknowingly
    > wreak havoc on your site if they were to say access the FileSystem
    > object to delete files from your server. You should reconsider your
    > design. Perhaps you could achieve what your looking for by way of
    > XML/XSLT. If you give us some idea of what you're trying to accomplish
    > I'm sure the people in this group could point you in the right
    > direction.
    >
    > HTH
    > -Chris
    >
    >

    Ron Guest

  2. #2

    Default Re: Storing ASP code in a Access mdb memofield and insert it in a asp-page

    You are absolutely right. I was already considering the securityrisk.

    ('Execute' sounds like a solution which is going a bit to far in
    flexibility. In what occasions could this be usefull, anyway?)

    But the situation is like this:

    I have built a very simple Intranet content management system in ASP using
    an Access Database where I store the articles and the configuration of the
    Frontpage of the intranet.

    The frontpage is divided in blocks. One block is used for displaying the
    most recent articles, another for a list generated by a query to another
    database (sort of 'dashboard' system) and there is some linked content,
    displaying traffic james, stock quotes and weatherinfo.

    My contentmanager asked me to have more flexibility in the blocks. Using the
    consistent layout as it is, she wants to be able to use other queries in the
    blockes or put other content in it.

    When I put html, like <b>This is bold text</b> or a table in it, it is
    displayed fine with " response.write fp_block_memo. "

    But as soon as I want to put a query in it, like:

    <%
    strSQL="SELECT ARTICLE_HEADLINE, ARTICLE_DATE FROM ARTICLES... ETC"

    Set objRS=Server.CreateObject("ADODB.Recordset")
    objRS.Open strSQL, objConnection

    if NOT objRS.BOF then
    Do While NOT objRS.EOF
    Response.write "<b>"&objRS("ARTICLE_DATE")

    ETC....

    %>

    it isn't displayed.

    I have considered defining standard blocks of content, but that is not
    exactly the flexibility we are looking for.

    I agree this is a potential security risk and a performance issue.
    Considering the environment it is built for, I wouldn't take it too serious.
    Content is updated by two persons, who need userid's and passwords, all
    access is logged and the intranet is only available for a small number of
    people, from within the loaction, no VPN or something.

    But who knows what this small hobby-intranet will lead to in future. So I am
    interested in all considerations and creative solutions you will have. Hope
    you will keep in mind, that I am not a professional programmer. I know a bit
    of ASP and HTML, but I don't know anything about XML and XSLT.

    Thanks for any input, I appreciate any suggestions,

    Ron







    "Chris Hohmann" <hohmannATyahooDOTcom> schreef in bericht
    news:eStRtmfPDHA.2480tk2msftngp13.phx.gbl...
    > "Ron" <rr> wrote in message
    > news:3efdba05$0$155$e4fe514cdreader8.news.xs4all. nl...
    > > Thx,
    > > I will try that.
    > >
    > > I'm not using includes, because I want the users of a small content
    > > management system to be able to freely change the content of clocks on
    > a
    > > page. They can put html in there or asp-code, so they can display the
    > > results of queries etc.
    > <<End of message omitted for brevity>
    >
    > I would take Bob's advise to heart. Besides the performance
    > consideration you are also going to have to contend with parsing the
    > content to know which pieces to Response.Write and which pieces to
    > Execute/ExecuteGlobal. More importantly, what you've described presents
    > considerable security issues. Someone could maliciously or unknowingly
    > wreak havoc on your site if they were to say access the FileSystem
    > object to delete files from your server. You should reconsider your
    > design. Perhaps you could achieve what your looking for by way of
    > XML/XSLT. If you give us some idea of what you're trying to accomplish
    > I'm sure the people in this group could point you in the right
    > direction.
    >
    > HTH
    > -Chris
    >
    >

    Ron Guest

  3. #3

    Default Re: Storing ASP code in a Access mdb memofield and insert it in a asp-page

    Wow,
    Your example sure looks very tempting...
    I think you're right: I should look into XML.
    Thx,
    Ron



    "Chris Hohmann" <hohmannATyahooDOTcom> schreef in bericht
    news:ONzVPa$PDHA.1072TK2MSFTNGP10.phx.gbl...
    > "Ron" <rr> wrote in message
    > news:3f01b3ab$0$202$e4fe514cdreader3.news.xs4all. nl...
    > > You are absolutely right. I was already considering the securityrisk.
    > >
    > > ('Execute' sounds like a solution which is going a bit to far in
    > > flexibility. In what occasions could this be usefull, anyway?)
    > >
    > > But the situation is like this:
    > >
    > > I have built a very simple Intranet content management system in ASP
    > using
    > > an Access Database where I store the articles and the configuration of
    > the
    > > Frontpage of the intranet.
    > >
    > > The frontpage is divided in blocks. One block is used for displaying
    > the
    > > most recent articles, another for a list generated by a query to
    > another
    > > database (sort of 'dashboard' system) and there is some linked
    > content,
    > > displaying traffic james, stock quotes and weatherinfo.
    > >
    > > My contentmanager asked me to have more flexibility in the blocks.
    > Using the
    > > consistent layout as it is, she wants to be able to use other queries
    > in the
    > > blockes or put other content in it.
    > >
    > > When I put html, like <b>This is bold text</b> or a table in it, it is
    > > displayed fine with " response.write fp_block_memo. "
    > >
    > > But as soon as I want to put a query in it, like:
    > >
    > > <%
    > > strSQL="SELECT ARTICLE_HEADLINE, ARTICLE_DATE FROM ARTICLES... ETC"
    > >
    > > Set objRS=Server.CreateObject("ADODB.Recordset")
    > > objRS.Open strSQL, objConnection
    > >
    > > if NOT objRS.BOF then
    > > Do While NOT objRS.EOF
    > > Response.write "<b>"&objRS("ARTICLE_DATE")
    > >
    > > ETC....
    > >
    > > %>
    > >
    > > it isn't displayed.
    > >
    > > I have considered defining standard blocks of content, but that is
    > not
    > > exactly the flexibility we are looking for.
    > >
    > > I agree this is a potential security risk and a performance issue.
    > > Considering the environment it is built for, I wouldn't take it too
    > serious.
    > > Content is updated by two persons, who need userid's and passwords,
    > all
    > > access is logged and the intranet is only available for a small number
    > of
    > > people, from within the loaction, no VPN or something.
    > >
    > > But who knows what this small hobby-intranet will lead to in future.
    > So I am
    > > interested in all considerations and creative solutions you will have.
    > Hope
    > > you will keep in mind, that I am not a professional programmer. I know
    > a bit
    > > of ASP and HTML, but I don't know anything about XML and XSLT.
    > >
    > > Thanks for any input, I appreciate any suggestions,
    > >
    > > Ron
    >
    > Ok, sounds like its a closed system with a well controlled user
    > population, so security becomes less of an issue. That being the case I
    > would go with the Execute/ExecuteGlobal since that's what you're
    > familiar with. But once that's complete this presents an excellent
    > opportunity to get your feet wet with XML. You current solution
    > obligates your content managers to know ASP/ADO syntax and the structure
    > of your database. With XML you could simply provide them with a new tag
    > called <articles>. So as a content manager the content I upload could
    > look something like this:
    >
    > <html>
    > <head><title>My Articles</title></head>
    > <body>
    > Articles from June 1st to June 30th:
    > <articles from="20030601" to="20030630" />
    > </body>
    > </html>
    >
    > HTH
    > -Chris
    >
    >

    Ron Guest

Similar Threads

  1. This piece of code is not working for storing cookies
    By ruchir123 in forum Macromedia Flex General Discussion
    Replies: 4
    Last Post: November 23rd, 07:22 PM
  2. Access Code Log In Page
    By HawksQuest in forum Macromedia Dynamic HTML
    Replies: 1
    Last Post: July 4th, 10:35 AM
  3. Replies: 9
    Last Post: September 11th, 05:45 PM
  4. Replies: 1
    Last Post: September 1st, 04:56 AM
  5. Code Access to page
    By Karl Seguin in forum ASP.NET General
    Replies: 2
    Last Post: July 16th, 10:35 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139