So I am reading a book about asp.net security. and one of the sections

Question

0

Asked: June 13, 20262026-06-13T21:37:57+00:00 2026-06-13T21:37:57+00:00

So I am reading a book about asp.net security. and one of the sections

0

So I am reading a book about asp.net security. and one of the sections there was :
how to prevent directory traversal filename ( hacked filenames).

so the line of code was :

string fullPath = Server.MapPath(System.IO.Path.Combine(@"d:\inetpub\inbound\",filename));

but then I noticed the result of the combine which will be :

d:\inetpub\inbound\myfile.txt

But I remember that the parameter type should be virtual path and not filesystem path !

enter image description here

d:\inetpub\inbound\myfile.txt is not a virtual path!

what am I missing ?

enter image description here

p.s. this is the book : (wrox)

enter image description here

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-13T21:37:58+00:00

Editorial Team

2026-06-13T21:37:58+00:00Added an answer on June 13, 2026 at 9:37 pm

The code sample is wrong.

The role of Server.MapPath is indeed to transform a virtual path into a physical one. If you already have a physical path, there’a no need for Server.MapPath.

The code will probably throw an Exception with the message:

‘d:\inetpub\inbound\myfile.txt’ is a physical path, but a virtual path was expected.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

So I am reading a book about asp.net security. and one of the sections

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply