Introduced
ASP (Active server Pages) is a server-side scripting technique that dynamically locates and sends information requested by the user. In order to successfully use ASP, you should use the plan in the practice of developing and managing your project. This article is written for system administrators, web writers, and Web application developers who plan or consider using ASP. The information in this article will help you plan to develop and manage an ASP application that is secure, well-organized, and easy to understand.
ASP or Browser script
Given the need for a scripting solution, you'll want to decide whether to write an ASP page or a browser-based script, and you'll want to make that decision early in the development process.
Plan to use ASP when you need:
Customize a Web page with information collected from back-end resources and selected to meet the needs of the user.
Collects data submitted by site visitors through an HTML form.
Send a page made for a particular kind and version of the browser.
To avoid placing unnecessary burdens on your server, a browser-based script is used for such tasks as confirming user submissions, calculations, and simple conditional output options.
This article includes three aspects of the ASP application plan:
Solve common problems
Organize ASP application directories and files
Setting standards for ASP scripts
Other aspects of ASP development, such as performance and reliability, will be covered in future articles.
Although ASP pages are useful, it is important to know some of the risks of developing and configuring them. If an ASP page connects users with back-end data resources that contain information about how to locate and access enterprise data, the page may also contain your business rules, customer data, and other sensitive information. As a result, it is important to know the potential for exposing sensitive information to people who are not licensed. When you develop and configure ASP, you may generate errors that allow people who should not be interviewed to access this information. In addition, if you are not using good development and management practices, you may be more and more satisfied users will have to terminate due to the continuous generation of performance and reliability issues.
ASP Management Plan
The ASP application is stored in your file system. An ASP application is a collection of ASP pages along with the included HTML pages and the components required by the application. When you define an application, you use Internet Services Manager to develop a directory where the application will be in the Web site.
This section provides a template and guidance for the directory structure, as well as access rights for ASP applications. The following template will help you build an ASP application organization model to achieve consistency, reliability, and security, regardless of how much complexity your ASP applications are.
The organization and attributes given for the directories and files in the following list are more important than the names used.
/application_name
Default.htm
Global.asa
/classes
/content
/asp
*.asp
/htm
*.htm
/images
/media
/themes
/data (not in the site directory)
/dll (not in the site directory)
/helper_files (not in the site directory)
The name of the application root application root directory should clearly represent the subject of the site. For example, an application for financial search can be named/financial_research. Avoid using an application root name, such as/media or/content, that may be mistaken for a side-quasi subdirectory of a site. Also, avoid using names that read like parts of numbers or code, such as/FR98346A.
To avoid negative impact on the product site, be sure to develop the application in a development test environment. An easy way to do this is to develop new applications under the IIS HTTP root directory/inetpub/wwwroot and then copy them to the same directory under Inetpub/wwwroot in the production environment if they already exist.
Note The main location of all microsoft®visual interdev™ and Microsoft frontpage™ network documents when/inetpub/wwwroot. If you migrate a network application to a storage location instead of/inetpub/wwwroot, the tools will not be able to access it.
The root directory for each application should contain at least the following files:
Default.htm or Default.asp
Global.asa
The Default.htm or default.asp should be the default home page for the application, and the server defaults should be set using Internet Service Manager accordingly. Take these two steps to enable users to consistently locate sites in your company by typing the server address plus the name of the application root directory. For example, users can access MSDN Online by entering msdn.microsoft.com. It is not necessary to enter the name of the home page.
File Global.asa Specifies the event script, declares the object that owns the application or dialog domain, and declares the type library. For example, the Global.asa script makes application-and Session-scope variables available at startup. Global.asa must be stored in the application root directory.
The/classes/classes directory stores all Java classes used by the application and requests permission to execute.
/content/content saves all pages (except Default.htm) and media that may be directly fetched by the users of the site.
/asp/content's/asp subdirectory contains all the pages with server-side scripting. This directory must contain execution permissions so that the ASP can execute this page script. Do not assign Read permissions to this directory, because. asp pages may contain sensitive information about business rules and access to data resources. Storing all of the script pages here simplifies permissions management and site security.
/htm/content's/htm subdirectory contains all pages that contain only standard HTML. This directory is read-only and does not have permission to execute. Pages that contain the server-side script stored here will not be executed.
/images as a subdirectory of/content, the/images folder should contain graphics that are used separately from the theme-related images, such as standard buttons and icons (below).
/media as a subdirectory of the/content,/media should contain subdirectories audio, images, animation files,. avi files and similar entries for the entire application.
/themes It is a subdirectory of the/content directory. Use the/themes directory to enable programs to change the face of a site. This directory should contain style sheets, bullets, buttons, icons, rules, and similar entries that you can organize to change the face of your application by simply changing any or all of the items associated with this topic. Each entry in the/theme directory can be dynamically connected by setting an application variable to its virtual path.
/data This directory should contain all database access information, such as SQL scripts, file-based Data group names, or similar data required by this application. Do not place this directory in this site directory, as this will give an unauthorized user access to business rules and private data.
/dlls This directory contains COM components and visual basic®6.0 run event DLLs, such as Vbrun500.dll and Msvbvm50.dll. Do not put this directory in this site directory, because this will give a hacker to the business rules and private data access rights.
/helper_files This directory holds files that are contained in the server side or in text format, and this text-formatted file makes information available across applications or many applications. For security reasons, the directory containing the Help files should be stored in the published network space (the user can confirm the site directory).
FILE-name extension standard
The file naming conventions provided in this section provide useful standards for reliable, consistent, and secure document pages.
Using an. asp extension is required for pages that contain server-side scripting. Using the. asp extensions for pages that might contain scripts in the future is a good strategy, even if they don't start out like this. To save server resources and minimize latency in the service sector, you need to use the. htm extension for files that do not need server-side scripting today and in the future.
For consistency and ease of maintenance, use the Include file (. Inc) to make the specified information available to more than one related page, and changes to the containing file are assigned to all pages that call them. Use a text file (. txt) for a data file in plain text format that is contained in a page type.
Do not use. Inc for pages that contain scripts. If a user manages to display such a page, all the business rules for the script will be revealed. Use the. asp extension for all pages that contain scripts or for files that plan to use scripts to avoid displaying ownership information encoded in ASP scripts.
Set script criteria
If you have organized, named, and protected your ASP application space, then plan and set up a good ASP task to complete half. You will also want to set standards for page scripts so that they are easy to read by all page authors of the group.
Readability Script Style
To enhance readability, establish the following scripting style for ASP pages. These styles apply to scripts written with Microsoft Visual basic®scripting Edition (VBScript) or jscript®. When using directory and file agreements, it is more important to resolve the issues below than to apply the given agreement exactly. When deciding whether to define your scripting contract, consider the fact that most ASP pages contain some pure HTML.
This section will allow you to start creating scripting standards. A more extensive script-style guidance reference will be released recently on this site.
The instructions in the script should be able to help all the scripts see the code author immediately begin to understand it. In addition, annotations should interpret the intent of the code or summarize what the code does, rather than simply repeating what the code says.
Write a consistent comment block near the top of each page to list the file name, the workgroup that developed the file (not the individual; The email should go to a workgroup alias), the date the file was developed, the HTML and scripting standards followed, and all the previous changes were explained.
Using annotations to explain obscure or complex code, that is to say, will take a script author more than a few seconds to understand any code. Be sure to add comments for the following sentences:
If ERR = LOCK Then
External annotation scripts should be deleted unless they are placeholders, in which case they should be tagged with such tags.
Insert the appropriate code in each comment. In-line comments should display two spaces after the corresponding code. Comments that start on a new line should be separated by a blank line.
Example:
<%
Dim intvariable ' Explici