Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Scripting.FileSystemObject with .ASP??

Status
Not open for further replies.
ssVBAdev

ssVBAdev

Programmer
Joined
May 23, 2003
Messages
257
Location
US
Using IIS on a desktop, I have created an Intranet (of sorts) for my corporate network. Although I have used VB and VBS before, I am new to using it for .ASP.

My question is... is there a problem using the Scripting.FileSystemObject with Server applications? I have a folder, which contains numerous subfolders, which all contain files (let just say .pdf files for now). The .ASP aplication uses the Scripting.FileSystemObject engine to search recursively throught the folders to build the Web page of links to the docments.

I am mainly concerned with security issues. The .ASP is scripted so that none of the actual paths of the virtaul directories are actually sent to the client browser (as far as I can tell).

So, is this a problem or is it an acceptable way of coding this type of .ASP application?

********************
What's the best way to get the answers you need?? See FAQ222-2244 for details!
 
Sort by date Sort by votes
If I recall, if the user (who executes the File System Object) does not have privileges to the document, the FSO will not return those objects (files).

 
Upvote 0 Downvote
I don't see a problem. The actual path never needs to be passed to the end client (and in fact wouldn't be a valid link if it was).

You do need to keep track of folder names as you recurse through the directories so you can output good links (i am assuming the documents are in the virtual directory somewhere).

I would probably do something along the lines of:
Code: 
Function ShowLinks(startDirectory, linkPrefix, fileExt)
   Dim fso, fol, fil, subfol
   
   'create fso and reference folder
   Set fso = Server.CreateObject("Scripting.FileSystemObject")
   Set fol = fso.GetFolder(startDirectory)

   'loop through files generating links
   For Each fil in fol.Files
      If InStr(fil.Name,fileExt) > 0 Then
         Response.Write "<a href=""" & linkPrefix & fil.Name & """>" & fil.Name & "</a>"
      End If
   Next

   'loop through subfolders
   For Each subfol In fol.SubFolders
      ShowLinks subfol.Path,linkPrefix & subfol.Name & "/",fileExt
   Next

   'cleanup
   Set fol = Nothing
   Set fso = Nothing
End Function


'call the function with the initial folder, etc
'   pretending you have a "documents" folder
ShowLinks Server.MapPath("documents"),"[URL unfurl="true"]http://myIntranetAddy/virt_directory/documents/",".pdf"[/URL]

So we pass it a hard path, a virtual path to prefix the links with, and the extension we want to display. It then recursively goes through all files and subfolders for our initial directory, generating a link based on the virtual path. The end user never sees hard paths only the virtual ones.

-T

01000111 01101111 01110100 00100000 01000011 01101111 01100110 01100110 01100101 01100101 00111111
Need an expensive ASP developer in the North Carolina area? Feel free to let me know.
 
Upvote 0 Downvote
Tarwin:
That is essentially what I have right now. The main difference is that I pass the hard path but use the Replace function to remove the "C:....." stuff and add the " stuff.
I don't have a file extension filter also. I want to use all the file in the folder and have included a Select Case function to show a certain "logo" depending upon the file type, then parse the extension off of the actual link string that appears to the client.

ignoreme:
I'm puzzled about your priveleges comment. Aren't users ("clients") who access the site given a guest account by default? and, if the folder has "read" allowances, wouldn't that Guest account be able to access the files.

********************
What's the best way to get the answers you need?? See FAQ222-2244 for details!
 
Upvote 0 Downvote
I think he was thinking you wanted to create an intermediary ASP page to open the files (using FSO) and binary write them to the end user so they would never see a path. The only problem with that method is that unless you have some way of uniquely identifying the files by something other than their path (like a database table of id's and paths) then you are still going to be passng around the filename and part of the path as either part of a form or in the querystring.

Sorry, feeling long winded today :P

01000111 01101111 01110100 00100000 01000011 01101111 01100110 01100110 01100101 01100101 00111111
Need an expensive ASP developer in the North Carolina area? Feel free to let me know.


 
Upvote 0 Downvote
uh... ...yea.

I'll stick to my method. It seems to work fine.

Thanks for the advice Tarwin.

********************
What's the best way to get the answers you need?? See FAQ222-2244 for details!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question Question
How to send HTML emails with ASP classic?
Replies
0
Views
1K
leifoet
leifoet
penguinspeaks
  • Locked
  • Question Question
write HTML code within ASP line
Replies
1
Views
1K
xwb
xwb
penguinspeaks
  • Locked
  • Question Question
Return to current location on page after asp processes.
Replies
2
Views
1K
penguinspeaks
penguinspeaks
JScannell
  • Locked
  • Question Question
Border issue with Google Chrome on an Android phone
Replies
0
Views
756
JScannell
JScannell
how2trainyourdragon
  • Locked
  • Question Question
Request.Server variables blank for classic ASP
Replies
12
Views
2K
GriffMG
GriffMG

Part and Inventory Search

Sponsor

Back
Top