PDA

View Full Version : ASP question

amitbehere
06-29-2004, 11:13 PM
Hi all,

I am a beginner at ASP so I do not understand the security implications however I have the following problem

I am submitting a call to an asp with a parameter call image that is a folder on the system
http://mymachine/test.asp?image=c:/Images/test.jpg
The value of parameter "image" comes from a SQL database.

At the time of exec, it is translated to the following
http://mymachine/test.asp?image=c%3A%2FImages%2Ftest.jpg which I understand are ASCII values.

I need to pass in a path to a shared folder on some other machine in my network.
eg.
http://mymachine/test.asp?image=\\sharedmachine\sharedfolder\sharedfile.jpg

However if I set image = \\sharedmachine\sharedfolder\sharedfile.jp in the SQL database it does not work
also escaping the backslash \\ does not work
Also using ASCII value of \ does not work
%5C%5csharedmachine
This not only not working...its also crashing my IIS.
"dllhost.exe error: Instruction referred mem address 0000x0"

I am using Windows environment XP professional with IIS 5.1

Can this be even done? If yes, how ? I will be most grateful for any help.

Thanks in advance.
-Amit Behere
Software Engineer
Digital Map Products
amitbehere
06-29-2004, 11:23 PM
Sorry,
I didnot make my environment clear.

I am using Windows XP Professional with IE 6 and IIS 5.1

Thanks,
Amit Behere
putts
06-30-2004, 12:17 AM
sometimes, the best thing to do when you're having a problem with a character or symbol that is not being past properly to all pages is to store or pass it as something else and then do a replace when it's needed.

E.G.
store a value like this
c:|root|image.jpg
and then, when you need it, do a replace(value,"|","\") - assuming value contains that string.
amitbehere
06-30-2004, 12:23 AM
Hi,

I did not quite understand that.

The parameter is being passed correctly to the asp
my.asp?image=\\sharedmachine\\sharedfolder\\shareddirectory
gives me an IIS error

however
my.asp?C:\\myfolder\\mydirectory\\file
works just fine

So I am guessing the problem is using a shared resource as a parameter to ASP. Can I do that ?
One solution might be to use a mapped drive. I will try it however I want to avoid that route and use UNC.

Thanks,
-Amit
putts
06-30-2004, 07:05 AM
Originally posted by amitbehere

however
my.asp?C:\\myfolder\\mydirectory\\file
works just fine


do you mean that you are able to access that value with a request() call or that it just doesn't give you an error?

by all my experiences, that doesn't look like it should work, but I've never really tried it either :P
afterburn
06-30-2004, 09:19 AM
It shouldn't work over the network instead of the local machine. As the local machine has the files and can place them correctly into the page with that type of path...