Partager via

AspEnableParentPaths

  • Article

The AspEnableParentPaths property specifies whether an ASP page allows paths relative to the current directory (using the ..\ notation) or above the current directory. If set to true, this property constitutes a potential security risk, because an include path could access critical or sensitive data files outside the root directory of the application if strong ACLs are not set on those files.

IIS 6.0 and later: To increase security, parent paths are disabled by default. This can potentially break upgraded Web sites that use the ..\ notation or include files from parent directories.

This property is an application-level property.

Schema Attributes

Attribute Name

Value

ADSI/WMI Data Type

BOOL

ABO Data Type

DWORD_METADATA

Schema Default

FALSE

Internal Default

FALSE

Upper Bound

0

Lower Bound

Not specified

Internal ID

7008

Friendly ID

MD_ASP_ENABLEPARENTPATHS

Property Attributes

INHERIT

User Type

ASP_MD_UT_APP

Configurable Locations

You can configure this property at the following locations in the IIS metabase.

Metabase Path

IIS Admin Object Type

/LM/W3SVC

IIsWebService

/LM/W3SVC/n

IIsWebServer

/LM/W3SVC/n/ROOT/physical_directory_name

/LM/W3SVC/n/virtual_directory_name/physical_directory_name

IIsWebDirectory

/LM/W3SVC/n/ROOT

/LM/W3SVC/n/ROOT/virtual_directory_name

IIsWebVirtualDir

Flags

There are no flags for this property.

Requirements

Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.

Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Product: IIS

See Also