Re: More potential ASP problems

From: Paul Ashton (paulat_private)
Date: Mon Jul 06 1998 - 14:58:11 PDT


    f.c.w.donckat_private said:
    > Apart from the http://www.domain.com/xxxx.asp::$DATA in ASP applications
    > there may also be a http://www.domain.com/global.asa which may contain session
    > variables and user-id/password combinations for entering databases and the
    > like.
    
    Microsoft did list .asa files as one of several that needed to be
    protected. I've also downloaded .dll, .exe, and .cfm files. I'm sure
    there are many others. It is nothing to do with ASP applications,
    just the fact that content handlers don't understand the type of any
    particular file which doesn't have the correct .XXX extension.
    
    http://www.scripting.com has some amusing anecdotes of credit card
    database passwords and a frequent flier database password being
    recovered.
    
    Paul
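
A request-side check for the mismatch described in this message, added here as an example and not part of the original post: it denies any URL whose final segment the extension-to-handler mapping and NTFS would interpret differently, and refuses .asa files outright. The function names and the extension sets are assumptions made for this sketch, and the trailing dot/space case goes beyond the `::$DATA` form named in the thread.

```python
import posixpath
from urllib.parse import unquote

# Assumed policy for this sketch: extensions that must only ever reach a
# script handler, and extensions that must never be served at all.
SCRIPT_EXTS = {".asp", ".cfm", ".dll", ".exe"}
NEVER_SERVE_EXTS = {".asa"}


def fs_name(segment: str) -> str:
    """Name the filesystem would open: an NTFS stream suffix (":...") and
    trailing dots or spaces are not part of the file name on disk."""
    base = segment.split(":", 1)[0]
    return base.rstrip(". ").lower()


def check_request(url_path: str) -> str:
    """Classify a requested URL path as 'deny', 'script' or 'static'."""
    segment = posixpath.basename(unquote(url_path))
    if ":" in segment:
        # Stream syntax such as xxxx.asp::$DATA: the string no longer ends in
        # ".asp", so no script handler matches, yet the same file is opened.
        return "deny"
    real = fs_name(segment)
    if real != segment.lower():
        # The handler lookup and the filesystem disagree about the name.
        return "deny"
    ext = posixpath.splitext(real)[1]
    if ext in NEVER_SERVE_EXTS:
        return "deny"
    return "script" if ext in SCRIPT_EXTS else "static"


if __name__ == "__main__":
    # Constructed sample requests, using the URL forms quoted in the thread.
    for path in ("/xxxx.asp", "/xxxx.asp::$DATA", "/xxxx.asp%3a%3a$DATA",
                 "/global.asa", "/xxxx.asp.", "/index.html"):
        print(f"{path:24} -> {check_request(path)}")
```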
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:08 PDT