ASP bites at the heart of the internet
Despite security concerns, Active Server Pages are a simple way to create web-based data.
Microsoft's Internet Information Server (IIS) has been in the news over the last few months with a variety of bugs that have led to some serious security issues being raised.
Potentially one of the most serious bugs affects Active Server Pages (ASP) and the ability to uncover password information. But what are ASP and what can be done with them?
An ASP is, essentially, an HTML page that includes one or more scripts that are processed on the web server before the page is sent out to the user.
These scripts can be written in either VBScript or JScript and can be used to build or customise a web page based on information provided by the user.
In this way ASP are functionally similar to a Common Gateway Interface (CGI) application.
Using VBScript on the server in an ASP isn't very different from using it in applications or within standard web pages. Almost all of the VBScript commands are available for use on the server, except for those commands that interact with the user.
The rules for using JScript are similar to those for VBScript and, as with VBScript, you cannot use interface statements such as the Alert statement. Using JScript at the server side is almost identical to using JScript at the client. Furthermore, JScript on the server is case sensitive. Support for other scripting languages, such as Perl, can also be added to Internet Information Server.
Creating ASP is almost as easy as creating HTML pages. In fact, ASP start out as a standard HTML web page. The appropriate scripts are then added for whatever browser you require.
Converting the page from HTML and creating the final ASP is simply a case of renaming the file extension from .htm or .html to .asp. The .asp file extension enables IIS to parse and execute the scripts in your files.
Most of the functionality in an ASP comes from objects on the server.
IIS comes with some built-in objects, such as a request object or a server object, as well as a number of installable objects, including database access, content linking and file access. You can also use third-party objects, or create your own. ASP make it easy to put data onto a web page. This can either involve simply displaying the data from an ODBC-compliant database, or you can use it to make decisions about what to display on a web page.
The process for creating data-driven web pages is straightforward, consisting of five key points:
- Specify a data source name (DSN) in the server registry or in a file and grant access to users accordingly.
- Use the connection object to point to a DSN, and create a Recordset object to gain interactive access to data.
- You can construct queries using standard SQL syntax. These can be submitted using connection methods, recordset methods or with the command object.
- You can use the command object to change query parameters and quickly resubmit them. The command object makes it easy to construct valid queries because it uses a parameter-driven interface that is easy to set up and maintain.
- Through the use of forms, users can perform queries, read data, edit data, add records and so forth. Thus it is possible to create complete client/server solutions.
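The steps above, shown as an added example (not code from the original article): a classic ASP page in VBScript that opens a DSN, runs a query through the command object with a bound parameter, and writes the recordset into the page. The DSN `StaffDSN`, the table `staff`, its columns and the form field `surname` are assumed names. The string-concatenated form that the parameter-driven interface replaces is kept as a comment for comparison.

```vbscript
<%@ Language="VBScript" %>
<% Option Explicit
' Added example. Assumed names: DSN "StaffDSN", table "staff", form field "surname".
Const adCmdText = 1      ' CommandText holds a SQL statement
Const adVarChar = 200    ' ADO data type: variable-length string
Const adParamInput = 1   ' parameter direction: input only

Dim conn, cmd, rs, surname
surname = Trim(Request.Form("surname"))

If Len(surname) = 0 Or Len(surname) > 50 Then
    Response.Write "<p>Enter a surname of 1 to 50 characters.</p>"
Else
    ' Point the connection object at the DSN registered on the server.
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "DSN=StaffDSN"

    ' Weak form, shown only for comparison: user input becomes part of the SQL text.
    '   Set rs = conn.Execute("SELECT surname, extension FROM staff " & _
    '                         "WHERE surname = '" & surname & "'")

    ' Corrected form: the SQL text is fixed and the value travels as a typed,
    ' length-limited parameter, so it is never parsed as SQL.
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT surname, extension FROM staff WHERE surname = ?"
    cmd.Parameters.Append cmd.CreateParameter("surname", adVarChar, adParamInput, 50, surname)

    ' Execute returns a Recordset; encode every field before it reaches the page.
    Set rs = cmd.Execute
    Response.Write "<ul>"
    Do Until rs.EOF
        Response.Write "<li>" & Server.HTMLEncode(rs("surname") & "") & ": " & _
                       Server.HTMLEncode(rs("extension") & "") & "</li>"
        rs.MoveNext
    Loop
    Response.Write "</ul>"

    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End If
%>
```

To resubmit the query with a different value, assign `cmd.Parameters(0).Value` and call `cmd.Execute` again; the SQL text stays unchanged.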
ASP provide a powerful way to easily create web-based, data-driven applications. It's just a shame about the numerous security issues thrown up by Internet Information Server.