Storing ASP code in an Access mdb memofield and insert it in an asp-page


  1. #1

    Re: Storing ASP code in an Access mdb memofield and insert it in an asp-page


    "Chris Hohmann" <hohmannATyahooDOTcom> wrote in message
    news:eStRtmfPDHA.2480@tk2msftngp13.phx.gbl...
    > "Ron" <r@r> wrote in message
    > news:3efdba05$0$155$e4fe514c@dreader8.news.xs4all.nl...
    > > Thx,
    > > I will try that.
    > >
    > > I'm not using includes, because I want the users of a small content
    > > management system to be able to freely change the content of clocks on a
    > > page. They can put html in there or asp-code, so they can display the
    > > results of queries etc.
    > <<End of message omitted for brevity>
    >
    > I would take Bob's advice to heart. Besides the performance
    > consideration you are also going to have to contend with parsing the
    > content to know which pieces to Response.Write and which pieces to
    > Execute/ExecuteGlobal. More importantly, what you've described presents
    > considerable security issues. Someone could maliciously or unknowingly
    > wreak havoc on your site if they were to say access the FileSystem
    > object to delete files from your server. You should reconsider your
    > design. Perhaps you could achieve what you're looking for by way of
    > XML/XSLT. If you give us some idea of what you're trying to accomplish
    > I'm sure the people in this group could point you in the right
    > direction.
    >
    > HTH
    > -Chris
    >
    >

    Ron Guest

  3. #2

    Re: Storing ASP code in an Access mdb memofield and insert it in an asp-page

    You are absolutely right. I was already considering the security risk.

    ('Execute' sounds like a solution which is going a bit too far in
    flexibility. On what occasions could this be useful, anyway?)

    But the situation is like this:

    I have built a very simple Intranet content management system in ASP using
    an Access Database where I store the articles and the configuration of the
    Frontpage of the intranet.

    The frontpage is divided in blocks. One block is used for displaying the
    most recent articles, another for a list generated by a query to another
    database (sort of 'dashboard' system) and there is some linked content,
    displaying traffic jams, stock quotes and weather info.

    My content manager asked me to have more flexibility in the blocks. Using the
    consistent layout as it is, she wants to be able to use other queries in the
    blocks or put other content in it.

    When I put html, like <b>This is bold text</b> or a table in it, it is
    displayed fine with " response.write fp_block_memo. "

    But as soon as I want to put a query in it, like:

    <%
    strSQL="SELECT ARTICLE_HEADLINE, ARTICLE_DATE FROM ARTICLES... ETC"

    Set objRS=Server.CreateObject("ADODB.Recordset")
    objRS.Open strSQL, objConnection

    if NOT objRS.BOF then
    Do While NOT objRS.EOF
    Response.write "<b>"&objRS("ARTICLE_DATE")

    ETC....

    %>

    it isn't displayed.

    I have considered defining standard blocks of content, but that is not
    exactly the flexibility we are looking for.

    I agree this is a potential security risk and a performance issue.
    Considering the environment it is built for, I wouldn't take it too seriously.
    Content is updated by two persons, who need user IDs and passwords, all
    access is logged and the intranet is only available for a small number of
    people, from within the location, no VPN or something.

    But who knows what this small hobby-intranet will lead to in future. So I am
    interested in all considerations and creative solutions you will have. Hope
    you will keep in mind, that I am not a professional programmer. I know a bit
    of ASP and HTML, but I don't know anything about XML and XSLT.

    Thanks for any input, I appreciate any suggestions,

    Ron

    Ron Guest

  4. #3

    Re: Storing ASP code in an Access mdb memofield and insert it in an asp-page

    Wow,
    Your example sure looks very tempting...
    I think you're right: I should look into XML.
    Thx,
    Ron

    "Chris Hohmann" <hohmannATyahooDOTcom> wrote in message
    news:ONzVPa$PDHA.1072@TK2MSFTNGP10.phx.gbl...
    > Ok, sounds like it's a closed system with a well controlled user
    > population, so security becomes less of an issue. That being the case I
    > would go with the Execute/ExecuteGlobal since that's what you're
    > familiar with. But once that's complete this presents an excellent
    > opportunity to get your feet wet with XML. Your current solution
    > obligates your content managers to know ASP/ADO syntax and the structure
    > of your database. With XML you could simply provide them with a new tag
    > called <articles>. So as a content manager the content I upload could
    > look something like this:
    >
    > <html>
    > <head><title>My Articles</title></head>
    > <body>
    > Articles from June 1st to June 30th:
    > <articles from="20030601" to="20030630" />
    > </body>
    > </html>
    >
    > HTH
    > -Chris
    >
    >

    Ron Guest
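
The `<articles from="..." to="..." />` tag suggested in the reply quoted above, as an added Classic ASP example (not code from the thread): the stored block is handled as data, only that one tag is expanded, and its dates reach the database as typed parameters rather than through Execute. `RenderBlock`, `ParseYmd` and `WriteArticles` are hypothetical names; the example assumes `objConnection` is an open ADODB.Connection, `fp_block_memo` holds the block text, and `ARTICLE_DATE` is a Date/Time column.

```vbscript
<%
' Added example, not code from the thread. RenderBlock, ParseYmd and WriteArticles are
' hypothetical; assumes an open objConnection and a Date/Time ARTICLE_DATE column.
Const adDate = 7, adParamInput = 1
' "YYYYMMDD" (digits only, enforced by the pattern below) -> Date, or Null if invalid.
Function ParseYmd(s)
    Dim y, m, d, dt
    ParseYmd = Null
    y = CInt(Left(s, 4)) : m = CInt(Mid(s, 5, 2)) : d = CInt(Right(s, 2))
    If y < 100 Or m < 1 Or m > 12 Or d < 1 Or d > 31 Then Exit Function
    dt = DateSerial(y, m, d)   ' rolls over on e.g. 20030231, so compare the day
    If Day(dt) = d Then ParseYmd = dt
End Function

' The tag's dates are bound as parameters; no SQL text comes from the stored block.
Sub WriteArticles(dFrom, dTo)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = objConnection
    cmd.CommandText = "SELECT ARTICLE_HEADLINE, ARTICLE_DATE FROM ARTICLES " & _
                      "WHERE ARTICLE_DATE BETWEEN ? AND ? ORDER BY ARTICLE_DATE"
    cmd.Parameters.Append cmd.CreateParameter("dFrom", adDate, adParamInput, , dFrom)
    cmd.Parameters.Append cmd.CreateParameter("dTo", adDate, adParamInput, , dTo)
    Set rs = cmd.Execute
    Do While Not rs.EOF
        Response.Write "<b>" & Server.HTMLEncode(rs("ARTICLE_DATE") & "") & "</b> " & _
                       Server.HTMLEncode(rs("ARTICLE_HEADLINE") & "") & "<br>"
        rs.MoveNext
    Loop
    rs.Close
End Sub

' Stored text is written out as data; nothing is passed to Execute/ExecuteGlobal.
Sub RenderBlock(ByVal blockText)
    Dim re, mt, pos, dFrom, dTo
    blockText = blockText & "" : pos = 1   ' a Null memo field becomes an empty string
    Set re = New RegExp
    re.Global = True : re.IgnoreCase = True
    re.Pattern = "<articles\s+from=""(\d{8})""\s+to=""(\d{8})""\s*/>"
    For Each mt In re.Execute(blockText)
        Response.Write Mid(blockText, pos, mt.FirstIndex + 1 - pos)   ' HTML before the tag
        dFrom = ParseYmd(mt.SubMatches(0)) : dTo = ParseYmd(mt.SubMatches(1))
        If Not (IsNull(dFrom) Or IsNull(dTo)) Then WriteArticles dFrom, dTo
        pos = mt.FirstIndex + mt.Length + 1   ' a tag with an invalid date is dropped
    Next
    Response.Write Mid(blockText, pos)
End Sub

RenderBlock fp_block_memo
%>
```

Any `<% ... %>` text saved in the memo field is sent to the browser as literal characters and never runs on the server, so content managers only need the tag syntax, not ASP/ADO or the table layout.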
