Web Wiz Forums - Hide asp or database error

Hide asp or database error

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=17306
Printed Date: 17 April 2026 at 5:11pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Hide asp or database error

Posted By: likefuture
Subject: Hide asp or database error
Date Posted: 21 November 2005 at 11:31am

Hi all. I'm trying to find a way to hide the error information shown on browsers, which caused by asp code. I think it will make the forum more security. I added <% On Error Resume next %> into header.asp, but it seems don't work. Do you have any idea about it? thanks!

Replies:

Posted By: JJLatWebWiz
Date Posted: 21 November 2005 at 6:28pm

The On Error Resume Next isn't all-inclusive. If the main program is in Resume Next mode and the main program calls a subroutine that does not have its own On Error Resume Next, the subroutine could cause an error that halts the whole program.

The most dangerous errors are the ones that expose the path of the Access database. If the Access database is stored in a folder above the WWW root and that is not accessible as a web folder, then even if the path is exposed, the database is still relatively safe.

Is there a "most frequent" error that you're seeing? If so, I wouldn't mind trying to build something that could better protect the path information for you.

-------------
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.

Posted By: likefuture
Date Posted: 21 November 2005 at 7:40pm

hi, JJLatWebWiz. Thanks. I installed the version 7.96 on my own computer and my website is only in the testing stage. There is no many problems about WWF. but today, I try to move a topic to a forum which has no any topics, the error occured. and then my database name, column name and something else are all diplayed on the Browser. So I think it maybe dangerouse.

Posted By: JJLatWebWiz
Date Posted: 22 November 2005 at 10:10am

likefuture, I'll look at the code that performs that process, but it would be more useful if you would copy and paste the exact error message. The asp file name, exact line number, and error code will make it easier to build a more meaningful change.

Also, don't worry too much about hiding your forum database column name or file names. Trust me that hackers know every file and column name already. Hiding your database in a non-web folder is about all that you can do to protect your Access database.

-------------
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.

Posted By: likefuture
Date Posted: 22 November 2005 at 11:11am

hi, JJLatWebWiz. The following are some information about the error:

Enviroment:

OS: Windows 2003

Database: SQL Server

the first step, I move a topic to a empty forum. in the second step, because there is no any topic in this forum, so I cannot choose a topic moved to and also leave the 'new subject' textbox blank, then click 'move', the error message appeared. I translated it to english as below,

Microsoft OLE DB Provider for SQL Server error '80040e2f'
UPDATE is violation of COLUMN FOREIGN KEY constraint 'tblThread_FK01' in database 'WWForum'��table 'tblTopic', column 'Topic_ID'��

/BBS/move_post.asp��line 202

thanks.

Posted By: JJLatWebWiz
Date Posted: 22 November 2005 at 2:46pm

First, since you're using SQL, your data is much safer compared to the Access version. And hackers definitely know the SQL tables very well just by installing WWF themselves. But, this is a very inelegant error to be presented.

I assume you do not get this error when you fill in the "new subject" text box. This appears to be a minor bug from at least 7.01 through 7.96. I don't know how it would manifest in the Access version, but I think it will produce an error at the same line number with some reference to a referential integrity.

Here's what I came up with: In "move_post.asp", you need to detect that no topic from the list was chosen and no new subject was entered. So, open "move_post.asp" and insert the red code:


'If the user is user is using a banned IP redirect to an error page

If bannedIP() Then

 'Clean up

 Set rsCommon = Nothing

 adoCon.Close

 Set adoCon = Nothing

 'Redirect

 Response.Redirect("insufficient_permission.asp?M=IP")

End If



If (Request.Form("topicSelect") = "") and (Trim(Request.Form("subject")) = "") then

 'Clean up

 Set rsCommon = Nothing

 adoCon.Close

 Set adoCon = Nothing

%>

<html>

<head>

<meta name="copyright" content="Copyright (C) 2001-2005 Bruce Corkhill" />

<title>Discussion Forum Move Post</title>

<%

'***** START WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ******

Response.Write("<!--//" & _

vbCrLf & "/* *******************************************************" & _

vbCrLf & "Application: Web Wiz Forums ver. " & strVersion & "" & _

vbCrLf & "Author: Bruce Corkhill" & _

vbCrLf & "Info: http://www.webwizforums.com" & _

vbCrLf & "Available FREE: http://www.webwizforums.com" & _

vbCrLf & "Copyright: Bruce Corkhill �2001-2005. All rights reserved" & _

vbCrLf & "******************************************************* */" & _

vbCrLf & "//-->" & vbCrLf & vbCrLf)

'***** END WARNING - REMOVAL OR MODIFICATION OF THIS CODE WILL VIOLATE THE LICENSE AGREEMENT ******

%>

<!--#include file="includes/skin_file.asp" -->

</head>

<body bgcolor="<% = strBgColour %>" text="<% = strTextColour %>" background="<% = strBgImage %>" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" OnLoad="self.focus();">

<div align="center" class="heading">Invalid Topic</div>

<div align="center" class="text"><br />You must choose a topic from the list or enter a new topic.<br /><br />

Click here to <a href="move_post_form.asp?PID=<%=Request.Form("PID")%>">return to the initial Topic Move form.</a>

</div>

</body>

</html>

<%

Else



'Read in the post ID

lngPostID = CLng(Request.Form("PID"))

and at the end


%>

<html>

<head>

<script language="JavaScript">

 window.opener.location.href = "forum_posts.asp?TID=<% = lngTopicID %>"

 window.close();

</script>

</head>

</html>

<%

End If

%>

Insert only the red code. You should find the black code already in the file.

With that change, a moderator and adminstrator should no longer be presented with the unaccounted for error. However, only admins and moderators would ever see that error. Presumably, such users are people you trust, so you have little to fear from an error in that particular process. A more complete bug fix would include a javascript in "move_post_form_to.asp" that checks that either a topic is selected or a non-blank subject is entered. I'll leave that to - boRg - for now.

(hopefully the forum filters don't make these suggested changes unintelligible)

-------------
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.